Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
To install agents on user workstations, follow these steps:
- Run the AxidianCertiflow.Agent.-<version number>.en-us.msi from Axidian CertiFlow installation package and follow the wizard instructions. Agent will launch automatically.
- Configure the settings required to connect to Axidian CertiFlow server. You can do it via:
- Group Policy
- Windows Registry
Configuring Agent settings
The client part of Agent is installed onto user workstations. The parameters required to connect to Indeed CM server are configured during installation via Group Policy or Windows registry.
Info |
---|
To obtain the Indeed CM Agent installation package, please contact the Indeed Identity technical support. |
Run the IndeedCM.Agent.msi from Indeed CM installation package and complete the procedure, following the Wizard instructions. The Agent starts up automatically after installation.
Setting up the Agent parametersvia Group Policy
To add an Indeed CM administrative Axidian CertiFlow administrative template (ADMX), proceed as follows:
Copy the contents of IndeedCMof AxidianCertiflow.Client\Misc\PolicyDefinitions folder to the central ADMX file storage of domain controller controller C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions.
Info When using If you use local ADMX file storage, the Indeed CM templates are to be placed to place Axidian CertiFlow templates in C:\Windows\PolicyDefinitions folderfolder.
- Open the Group Policy Management console.
Create a new group policy object in the console tree or select an existing one.
- Open the context menu and select the Edit item.
- In the opened Group Policy Management Editor select Computer Configuration > Policies > Administrative Templates > Indeed CM > Agent (Figure 18)Axidian CertiFlow > Agent.
- Enable the Agent's URL Settings policy and specify its values:
- Specify the path to the agentregistrationapi application, located on Axidian CertiFlow server, in the Agents registration service URL parameter.
Specify the path to the agentserviceapi application in the Agents service URL parameter.
Info title Example: Agent registration service URL: https://srv.demo.local:3003/agentregistrationapi/
Agent service URL: https://srv.demo.local:3003/agentserviceapi/Image Added
- Enable the Agent's URL Settings policy and specify its values:
- Specify the path to the agentregistrationapi application, located on Axidian CertiFlow at the Indeed CM server, in the Agent Agents registration service URL parameter.
Specify the path to the agentserviceapi application in the Agent Agents service URL parameter.
Info icon false title For example: Agent registration service URL: https https://srv.demo.local:3003/agentregistrationapi/
Agent service URL: https https://srv.demo.local:3003/agentserviceapi/
- Link this policy object to a group, where Indeed CM which includes Axidian CertiFlow user workstations reside.
- Click Apply and perform policy update.
Note |
---|
Policies are updated when after you reboot the workstation is rebooted with the client agent installed. To force Group Policy updates without rebooting, run the gpupdate /force command. |
Image Removed
Figure 18 - Indeed CM Agent Group Policies.
Additional policies
You can configure additional policies for agents operation: Configure additional policies that define the work of Agents, if required:
- Agent's timeouts settings
The policy defines:
- Timeout of requests to agent services (default
: - value is 30
sec.- seconds)
- Frequency of agent status update request (default
: - value is 300
sec.- seconds)
- Frequency of agent settings, bindings, tasks and sessions update request (default
: - value is 30
sec.- seconds)
- Timeout request to disconnect
the - agent from
the - CertiFlow server (default
: - value is 3
sec.- seconds)
- Events caching settings
The policy defines
the period in minutes during which:
- time limit for the agent
- to
- attempt sending events from
- cache to CertiFlow server (default value is 10 minutes)
- number of events sent to the server per request (default value is 500 events)
- Proxy server settings
The policy defines the use of a proxy server
settings for connection to Indeed CMwhen you connect to CertiFlow server.
If the policy is
not defined or is disabled, thendisabled or not set, the proxy server will not be used.
You can set the proxy server address in
"Proxy server
"field.
- Event log settings
The policy defines
events level for Indeed CM Serverthe event recording level in the CertiFlow server Event Log:
- All (default)
- Errors only
- Warnings and errors only
- Tasks caching settings
The policy defines:
- Frequency of updating
- how often the task cache is updated and
sending - how often the task
execution - status is sent to the server
if sending failed for the first time (default: 60 sec)Timeout at which the tasks will be removed from the - , if the task status was not reported to the server immediately (default value is 60 seconds)
- how much time must pass before tasks are removed from cache during the next cache
update - refresh (default
: - value is 300
sec.)Timeout after which it will be possible to rerun the - seconds)
- how much time must pass before a task canceled by the user can be re-executed (default
: - value is 60
sec.)
Setting up the Agent parameters via registry
- seconds)
- Smart card status update settings
The policy defines how often the smart card status is checked (default value is 30 seconds):
- Lock user/administrator PIN
- User/administrator PIN input retries
Scroll Pagebreak
Configuring Agent settings via Windows Registry
Create a registry file Create a registry file (.reg) file with the following contents:
Code Block | ||
---|---|---|
| ||
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IndeedCMAxidianCertiFlow\Agent] "AgentRegistrationServiceUrl"="" "AgentServiceUrl"="" "ProxyEnable"="" "ProxyServer"="" |
Tip |
---|
For 32-bit systems, the parameter branch is: [HKEY_LOCAL_MACHINE\SOFTWARE\IndeedCMAxidianCertiFlow\Agent] |
The AgentRegistrationServiceUrl parameter specifies a link and port to connect to agentregistrationapi application.
The AgentServiceUrl parameter specifies a web - address and port to connect to agentserviceapi application.
If you use a proxy is used on workstations where the client agent is installed, specify the ProxyEnable and ProxyServer parameters (proxy server URL).
Info | ||||
---|---|---|---|---|
| ||||
|
|
|
|
|
|
|
Here is an example of a .reg file to connect to Indeed CM Axidian CertiFlow server named srv.demo.local via https HTTPS protocol and 3003 port using the proxy server https://192.168.10.10:443.
Code Block | ||||
---|---|---|---|---|
| ||||
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IndeedCMAxidianCertiFlow\Agent] "AgentRegistrationServiceUrl"="https://srv.demo.local:3003/agentregistrationapi/" "AgentServiceUrl"="https://srv.demo.local:3003/agentserviceapi/" "ProxyEnable"="1"dword:00000001 "ProxyServer"="https://192.168.10.10:443" |
Warning |
---|
Distribute the registry file and make changes to user workstations’ settings. For the changes to take effect, restart To apply changes, reboot the workstation with Indeed CM Axidian CertiFlow Agent installed or restart Indeed CM the Axidian CertiFlow Agent Serviceservice. |
Divbox | |
---|---|
|