GITRIX: Central Card and Certificate Management Without Compromise
Managing hundreds or thousands of corporate smart cards, USB tokens, and digital certificates is often a nightmare for IT and HR departments. Excel spreadsheets become outdated, users forget PINs, and expired certificates block important corporate agendas.
With the central management module from the GITRIX system, you get perfect overview and control over the entire lifecycle of all identities, hardware devices, and certificates from a single place.
Freedom in Hardware Choice
You are not tied to a single manufacturer. The GITRIX platform fully supports the most widely used hardware devices on the market and can get the most out of them. See what functions are available with different types of tokens and cards:
| Function / Hardware | Gemalto (Thales) | Starcos | Yubikey | Crayonic |
|---|---|---|---|---|
| Internal certificate issuance | Yes | Yes | Yes | Yes |
| Qualified cert. issuance (eIDAS) | eIdentity / PostSignum | I.CA | No | No |
| PUK / Management key management | Random (secure) | Factory only | Random (secure) | Random (secure) |
| User PIN reset | Yes | Extension only | No | No |
| User PIN change | Yes | Yes | Yes | Yes |
| Hardware recycling (reuse) | Yes | No | Yes | Yes |
- Card recycling saves your money: Is an employee leaving? You don’t have to throw away the smart card (e.g., Thales). GITRIX can safely wipe it (recycle it) and prepare it for a new user. The card can serve you for many years, radically reducing costs for new hardware.
Lifecycle and Logistics Under Perfect Control
The GITRIX system leaves nothing to chance. It covers complete processes from first issuance to safe decommissioning.
-
Everything starts with the operator: All agendas are centralized. An authorized operator (for example in the HR or IT department) manages the entire lifecycle through the clear Operator Application. From one place, they create users, issue certificates, and physical tokens.
-
Lightning card assignment and PIN setup: Once an operator assigns a new smart card to a user, two paths are available. PINs can be set by the operator directly during personal handover, or — and this is much more popular — the user sets their PINs completely on their own and at their leisure at their workstation.
-
Mobile app management (GITRIX SignID): The system doesn’t manage just physical “plastic.” GITRIX provides full-fledged records and management of mobile applications used for modern logins. You have a perfect overview of what devices have access to your network.
-
Handover protocol generation: During issuance, the system can automatically prepare a handover protocol for printing with a link for PIN setup in the user application.
-
Smart renewal system: Is a certificate expiry approaching? No more missed deadlines. The renewal process goes through a clear request system that can be fully automated for users.
Self-Service PIN Reset: End of Unnecessary Helpdesk Calls
A forgotten PIN is one of the most common reasons users call IT support. With GITRIX, this process is a thing of the past — users can help themselves completely securely.
-
Reset directly on the Windows lock screen: Did a user forget their login PIN first thing in the morning? They don’t need to log into the system at all. The reset process can be launched directly from the Windows logon screen.
-
Conveniently in the client application: For management during the day, there is an intuitive Client Application where the user can not only change their PIN but also reset it if it gets blocked.
-
Strict separation of login and signing PINs: The system prioritizes maximum security and distinguishes between the PIN for regular computer login and the special signing PIN (for electronic signatures). Both can be managed independently.
-
Secure user verification: To prevent anyone else from resetting the PIN, strong identity verification is required. The system sends the user a one-time OTP code via SMS or email. Alternatively, pre-generated recovery codes can also be used.
-
The magic of encrypted PUKs: PUK codes are used in the background for card unlocking. In the GITRIX system, these codes are generated completely randomly and stored in strongly encrypted form. Not even the IT administrator knows them, thereby guaranteeing absolute non-compromisability of the solution.
Automation and Audit Trail for Your Peace of Mind
- Automatic entry into Czech POINT: Have you issued an official a new certificate? GITRIX can automatically connect with agenda systems (e.g., Czech POINT) and upload the certificate serial number there directly. This completely eliminates manual transcription and dramatically reduces the risk of human error.
- Indisputable audit log: Need to prove who, when, and what they manipulated? GITRIX maintains a complete audit log of all activities — from the company-wide level, through the history of a specific user and their hardware device, to the lifecycle of a single certificate. Ideal for meeting strict legislative requirements (NIS2, eIDAS).
Unify the management of your cards, mobile identities, and certificates into a professional platform. Save hardware costs, eliminate unnecessary load on your IT helpdesk, and gain absolute certainty over your corporate identities.
Key Features
Support for multiple hardware tokens / cards
We support devices from manufacturers such as Thales, YubiKey, Crayonic, Starcos
Self-service for lost PIN
Secure encrypted storage of PUKs - only decryptable by the card. PUK is not available in visible form. The user controls their content, the organization controls their device.
All information in one place
Web portal with complete records of all devices and their contents (even without issuance in GITRIX).