Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The Indeed Certificate Manager system Axidian CertiFlow can be integrated into other Indeed products Axidian products Indeed Axidian Access Manager and Indeed AM Axidian Access Enterprise Single Sign-On. Integration allows for combining the operations of smart card issue, certificate requesting and writing, as well as authenticator registration into a single process.

The smart cards issued in this way can be used both for authentication in domain and SSO applications and for digital signature or access to resources that require personal certificates. Integration between systems is possible at any stage, irrespective to what product has been deployed first.

The setup of integration of Indeed CM Axidian CertiFlow and Indeed Axidian Access Manager & Indeed AM Enterprise Single Sign-On comprises two stages:

  • Installation and setup of the required software
  • Configuration of integration parameters

The first stage requires installation of the following components:

  • Indeed-Id Axidian Administration Tools (or Indeed-Id Axidian Admin Pack) to each Indeed CM CertiFlow server 
  • Indeed-Id Axidian Extended Security Provider for each Indeed EA Access server 
  • Indeed-Id Axidian SmartCard + PIN Provider for each Indeed EA Access server 
Tip

Indeed-Id Axidian Administration Tools is a part of Indeed-Id Enterprise Authentication Axidian Access system installation package.
Indeed-Id Axidian Extended Security Provider and Indeed-Id SmartCard Axidian SmartCard + PIN Provider is supplied by Indeed Identity support service on Axidian Technical Support on request.

It is also necessary to setup the Extended Security Provider:

  • Create Indeed-ID Axidian Enrollment Admins security group as per Installation and operation manual for Indeed-Id Extended Axidian Extended Security Provider.
  • Add service account (‘servicecm’) to Indeed-ID Axidian User Admins and Indeed-ID Axidian Enrollment Admins security groups.

The second stage requires setting of integration parameters in the smart card usage policy of Indeed Certificate ManagerAxidian CertiFlow. Open the Indeed EA & ESSO Axidian Access section in the selected policy configuration and define the parameters for Indeed EA & ESSO (Table 3).

Scroll Pagebreak
Table 3 –

Integration parameters for Indeed EA & ESSOAxidian Access. Table auto

ParameterDescription

Enable

Indeed EA & ESSO integration

integration with Axidian Access

If enabled, there will be simultaneous issuance of smart card in the

Indeed CM

CertiFlow system and of authenticator "Smart card or USB token + PIN" in

Indeed EA/ESSO

Axidian Access systems.

Use
Indeed EA proxy
Axidian Access proxy server

If enabled,

the Indeed CM

Axidian CertiFlow will address

Indeed EA

Axidian Access proxy, which, in turn, redirects the request to

Indeed EA/ESSO

Axidian Access servers. The proxy is mandatory, if the

Indeed CM

CertiFlow servers are beyond the domain of

Indeed EA/ESSO

Axidian Access system.

Proxy URLThe address of
Indeed EA
Axidian Access Proxy Server.
Username

User name and Password

Credentials (username and domain password) of the user, which is a member of

Indeed-ID

Axidian User Admins and

Indeed-ID

Axidian Enrollment Admins security groups.

Allow

Enterprise Authentication

usage of Axidian Access Windows Logon

If enabled, then the user is allowed to use

Indeed

Axidian technology for authentication in domain using

Indeed-Id

Axidian Access Windows Logon component after a smart card issuance in the

Indeed CM

CertiFlow system.

Allow
Enterprise SSO usage
usage of Axidian Access Enterprise Single Sign-On

If enabled, then the user is allowed to use

Indeed

Axidian technology for authentication in applications using

Indeed-Id

Axidian Access Enterprise SSO Agent component after a smart card issuance in the

Indeed CM

CertiFlow system.

Generate

windows

Windows account random password

If enabled, a random domain password is generated when a smart card is issued in the

Indeed CM

CertiFlow system. In this case, when current password expires, a new random one is generated, known only to

Indeed EA

Axidian Access system.

Permissions for Enterprise AuthenticationAxidian Access Windows Logon, Enterprise SSO Single Sign-On and random password generation are disabled, if the last registered user authenticator is removed.

Info
iconfalse

For example, if a user had no authenticator in the Indeed EA Axidian Access system and no cards in the Indeed CM CertiFlow system, then after issuance of a smart card with defined integration parameters this user would Indeed Certificate Manager CertiFlow have one authenticator ("Smart card or USB token + PIN") in the Indeed EA Axidian Access system and one card (for instance, eToken) in the Indeed CM CertiFlow system.

If the smart card is deleted from the Indeed CM CertiFlow system, the authenticator in the Indeed EA Axidian Access is deleted as well, and, since there is no other trained authenticator, the permissions for Enterprise Authentication, Indeed-Id Enterprise SSO Axidian Access Windows Logon, Enterprise Single Sign-On and random password generation are disabled (of course, if active at the moment of revocation).