Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

To install agents on user workstations, follow these steps:

  1. Run the AxidianCertiflow.Agent.-<version number>.en-us.msi from Axidian CertiFlow installation package and follow the wizard instructions. Agent will launch automatically.
  2. Configure the settings required to connect to Axidian CertiFlow server. You can do it via:
    1. Group Policy
    2. Windows Registry

Configuring Agent settings

The client part of Agent is installed onto user workstations. The parameters required to connect to Indeed CM server are configured during installation via Group Policy or Windows registry.

Info

To obtain the Indeed CM Agent installation package, please contact the Indeed Identity technical support.

Run the IndeedCM.Agent.msi from Indeed CM installation package and complete the procedure, following the Wizard instructions. The Agent starts up automatically after installation.

Setting up the Agent parameters

via Group Policy

To add an Indeed CM administrative Axidian CertiFlow administrative template (ADMX), proceed as follows:

  1. Copy the contents of IndeedCMof AxidianCertiflow.Client\Misc\PolicyDefinitions folder to the central ADMX file storage of domain controller controller C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions.

    Info

    When using If you use local ADMX file storage, the Indeed CM templates are to be placed to place Axidian CertiFlow templates in C:\Windows\PolicyDefinitions  folderfolder.


  2. Open the Group Policy Management console.
  3. Create a new group policy object in the console tree or select an existing one.

  4. Open the context menu and select the Edit item.
  5. In the opened  Group Policy Management Editor select Computer Configuration > Policies > Administrative Templates > Indeed CM > Agent (Figure 18)Axidian CertiFlow > Agent.
  6. Enable the Agent's URL Settings policy and specify its values:
  7. Enable the Agent's URL Settings policy and specify its values:
    • Specify the path to the agentregistrationapi application, located on Axidian CertiFlow at the Indeed CM server, in the Agent Agents registration service URL parameter.
    • Specify the path to the agentserviceapi application in the Agent Agents service URL parameter.

      Info
      iconfalse
      titleFor example:

      Agent registration service URL: https https://srv.demo.local:3003/agentregistrationapi/
      Agent service URL: https https://srv.demo.local:3003/agentserviceapi/


  8. Link this policy object to a group, where Indeed CM which includes Axidian CertiFlow user workstations reside.
  9. Click Apply and perform policy update.
Note

Policies are updated when after you reboot the workstation is rebooted with the client agent installed. To force Group Policy updates without rebooting, run the gpupdate /force command.

Image Removed

Figure 18 - Indeed CM Agent Group Policies.

Additional policies

You can configure additional policies for agents operation: Configure additional policies that define the work of Agents, if required:

  • Agent's timeouts settings
This

The policy defines:

    • Timeout of requests to agent services (default
  • :
    • value is 30
  • sec.
    • seconds)
    • Frequency of agent status update request (default
  • :
    • value is 300
  • sec.
    • seconds)
    • Frequency of agent settings, bindings, tasks and sessions update request (default
  • :
    • value is 30
  • sec.
    • seconds)
    • Timeout request to disconnect
  • the
    • agent from
  • the
    • CertiFlow server (default
  • :
    • value is 3
  • sec.
    • seconds)
  • Events caching settings
This

The policy defines

the period in minutes during which

:

    • time limit for the agent
will try
    • to
send
    • attempt sending events from
the cache to the Indeed CM Server (default: 10 min.).
    • cache to CertiFlow server (default value is 10 minutes)
    • number of events sent to the server per request (default value is 500 events)
  • Proxy server settings

The policy defines the use of a proxy server

settings for connection to Indeed CM

when you connect to CertiFlow server.

If the policy is

not defined or is disabled, then

disabled or not set, the proxy server will not be used.

Set

You can set the proxy server address in

"

Proxy server

"

field.

  • Event log settings 
This

The policy defines

events level for Indeed CM Server

the event recording level in the CertiFlow server Event Log:

    • All (default)
    • Errors only
    • Warnings and errors only
  • Tasks caching settings
This

The policy defines:

    Frequency of updating
    • how often the task cache is updated and
  • sending
    • how often the task
  • execution
    • status is sent to the server
  • if sending failed for the first time (default: 60 sec)Timeout at which the tasks will be removed from the
    • , if the task status was not reported to the server immediately (default value is 60 seconds)
    • how much time must pass before tasks are removed from cache during the next cache
  • update
    • refresh (default
  • :
    • value is 300
  • sec.)Timeout after which it will be possible to rerun the
    • seconds)
    • how much time must pass before a task canceled by the user can be re-executed (default
  • :
    • value is 60
  • sec.)

Setting up the Agent parameters via registry

    • seconds)
  • Smart card status update settings

The policy defines how often the smart card status is checked (default value is 30 seconds):

    • Lock user/administrator PIN
    • User/administrator PIN input retries
      Scroll Pagebreak

Configuring Agent settings via Windows Registry

Create a registry file Create a registry file (.reg) file with the following contents:

Code Block
languagepowershell
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IndeedCMAxidianCertiFlow\Agent]
"AgentRegistrationServiceUrl"=""
"AgentServiceUrl"=""
"ProxyEnable"=""
"ProxyServer"=""


Tip

For 32-bit systems, the parameter branch is:

[HKEY_LOCAL_MACHINE\SOFTWARE\IndeedCMAxidianCertiFlow\Agent]

The AgentRegistrationServiceUrl parameter specifies a link and port to connect to agentregistrationapi application.
The AgentServiceUrl parameter specifies a web - address and port to connect to agentserviceapi application.
If you use a proxy is used on workstations where the client agent is installed, specify the ProxyEnable and ProxyServer parameters (proxy server URL).

scroll-pagebreak

Info
iconfalse
titlePossible parameter values:
  1.  "ProxyEnable"=
"0": proxy
  1. dword:00000000 - proxy is not used.
  2.  "ProxyEnable"=dword:00000001 и "
1
  1. ProxyServer"
и ProxyServer
  1. =""
: default
  1. - default proxy settings are used.
  2.  "ProxyEnable
= "1"
  1. "=dword:00000001 и ProxyServer="
<some url>": the
  1. <proxy server URL>" - the proxy server specified in the setting is used.

Here is an example of a .reg file to connect to Indeed CM Axidian CertiFlow server named srv.demo.local via https HTTPS protocol and 3003 port using the proxy server https://192.168.10.10:443.

Code Block
languagepowershell
titleExample:
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IndeedCMAxidianCertiFlow\Agent]
"AgentRegistrationServiceUrl"="https://srv.demo.local:3003/agentregistrationapi/"
"AgentServiceUrl"="https://srv.demo.local:3003/agentserviceapi/"
"ProxyEnable"="1"dword:00000001
"ProxyServer"="https://192.168.10.10:443"


Warning

Distribute the registry file and make changes to user workstations’ settings. For the changes to take effect, restart To apply changes, reboot the workstation with Indeed CM Axidian CertiFlow Agent installed or restart Indeed CM the Axidian CertiFlow Agent Serviceservice.



Divbox

Table of Contents