You have to fill in the necessary values in the configuration files of each service at the system deployment stage. Configuration files of all system services are located in the root directory of IIS web applications (default path is %SystemDrive%\inetpub\wwwroot).

Info

Card Monitor service configuration files are located in %ProgramFiles%\Indeed CM\CardMonitor.

Configuration files are set up via Axidian CertiFlow Setup Wizard, which runs automatically if you check the option Run Axidian CertiFlow Setup Wizard in Installation Wizard.
Or you can run the Setup Wizard manually: Start - All Programs - Axidian.


Here are the Axidian CertiFlow Setup Wizard parameters:

    Section | Description
    Before starting work

    Information about the purpose and features of the Axidian CertiFlow Setup Wizard.

    Restore configuration

    Uploading a backup copy of Axidian CertiFlow configuration.

    System features

    • Common features
    • Event Log
    • Microsoft CA
    • AirKey Enterprise
    • Client Agent

    Configuring internal settings for Axidian CertiFlow web applications:

    Management Console

    Self-Service


    Event Log:


    Microsoft CA: Configure settings for working with Microsoft Certification Authority.

    AirCard Enterprise: Configure integration with Axidian AirCard Enterprise virtual smart card server.

    Client Agent: Configure Axidian CertiFlow Agent.

    Users catalog

    • Active Directory
    • Tracked attributes

    Information about the users catalog and the user attributes whose change requires a certificate update.

    The list of tracked user attributes in Microsoft CA certificate templates settings includes the following attributes by default:

    • Common name
    • E-mail
    • User principal name
    Warning
    You can track changes in user attributes only in Subject and Subject Alternative Name fields of the certificate.


    Access control

    • Role administrator

    Defining access settings to system services.

    Specify an account to initially configure user privileges in the Roles section of Axidian CertiFlow Management Console.

    Warning

    The specified account must have a User Principal Name (UPN) and belong to the specified users directory.


    Database

    • Active Directory
    • Microsoft SQL
    • PostgreSQL
    • Encryption key

    Information about the system's data storage and encryption algorithm.
    Creating an encryption key, a backup copy, or recovering a key from backup. Storage connection settings depend on the selected storage type.

    Card Monitor service

    The Card Monitor service controls smart card usage. Operations:

      • Revoking expired temporary cards
      • Deactivating (optional) cards and revoking certificates for users with disabled Active Directory accounts
      • Deleting AD disabled accounts (optional) from Axidian CertiFlow users catalog
      • Revoking and withdrawing (optional) cards for deleted users
      • Setting/resetting a card content status (about to expire/expired)
      • Updating card contents (available if a card is updated through Axidian CertiFlow Agent and the CA operator does not approve certificates automatically)
      • Registering the "There is no connection from the agent for a long time" event in the system log
      • Sending email notifications to system administrators and users about the following events:
          – Expiring user certificates
          – Approve/reject to issue a card
          – Approve/reject to renew a certificate
          – Approve/reject to replace a card
          – Modifying a system policy applied to a user
          – Changing user attributes in users catalog
    Warning

    For the Card Monitor service to run regularly, the account specified in the setup wizard must be part of the Administrators group on the CertiFlow server and have permission to Log on as a batch job.

    For the Card Monitor service to work properly, create a service role with an account for Card Monitor service in the Roles section and define the following privileges for the role:

      • Disabling cards
      • Updating cards
      • Revoking cards
      • Cleaning cards
      • Unassigning cards
      • Removing cards
      • Removing AirCard
      • Removing record from custom log

    Note

    Set privileges to work with virtual smart cards, if AirCard integration is configured.


    Confirmation

    Summary of all settings and creating a backup copy of Axidian CertiFlow configuration.

    When installing Axidian CertiFlow for the first time, set up the required parameters and save a copy of your configuration settings (option Backup current configuration settings in the Confirmation section).

    Configuration backup includes all settings, as well as encryption key and algorithm. When deploying new system servers, you can use the backup: upload it in the Restore configuration section of Setup Wizard.

    Warning

    The backup file also includes all service accounts data (the accounts for the user directory and for the data storage). Keep the backup file in a secure place.


    Results

    Information about saving the specified values to the service configuration files.

    When you finish configuring the settings, the specified values are written to the configuration files of all applications and encrypted. Encryption is performed using the Microsoft .NET (NetFramework ConfigurationKey) key and RSA algorithm.
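
A way to confirm, after the Wizard finishes, that a configuration file was actually written in encrypted form. This is an added example, not vendor code. It assumes the Wizard uses standard .NET protected configuration (a `configProtectionProvider` attribute wrapping an `EncryptedData` element); the function name, the sample file and the `web.config` file name are assumptions.

```powershell
# Added example, not vendor code. Classifies each top-level section of a
# .NET configuration file by whether protected configuration was applied.
function Get-ConfigSectionState {
    param([Parameter(Mandatory)][xml]$Config)

    foreach ($node in $Config.DocumentElement.ChildNodes) {
        # Skip comments/whitespace and configSections, which only declares
        # section handlers and is never encrypted.
        if ($node.NodeType -ne [System.Xml.XmlNodeType]::Element) { continue }
        if ($node.LocalName -eq 'configSections') { continue }

        # A protected section names its provider and wraps the payload in
        # an XML Encryption EncryptedData element.
        $own    = $node.GetAttribute('configProtectionProvider')
        $nested = $node.SelectNodes('.//*[@configProtectionProvider]').Count
        $cipher = $node.SelectNodes(".//*[local-name()='EncryptedData']").Count

        $state = 'Plaintext'
        if ($own -and $cipher) { $state = 'Encrypted' }
        elseif ($nested -and $cipher) { $state = 'PartlyEncrypted' }

        [pscustomobject]@{ Section = $node.LocalName; State = $state; Provider = $own }
    }
}

# Constructed sample, not a real product file; the cipher text is a placeholder.
$sample = @'
<configuration>
  <configSections />
  <appSettings>
    <add key="exampleSetting" value="plain" />
  </appSettings>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                   xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
</configuration>
'@

Get-ConfigSectionState -Config $sample | Format-Table -AutoSize

# On a server (the file name web.config is an assumption):
# Get-ChildItem "$env:SystemDrive\inetpub\wwwroot" -Recurse -Filter web.config |
#   ForEach-Object { Get-ConfigSectionState -Config (Get-Content $_.FullName -Raw) }
```

Any section reported as Plaintext that holds service account or storage connection data is worth reviewing before the server goes into use.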