Configuring the system

Configuring internal settings for Axidian CertiFlow web applications:

Management Console

• Display system summary

• Enable custom log

  The custom log is implemented only for system configuration using the Data Storage in Microsoft SQL and PostgreSQL.
• Own organizational structure
• Integration with Axidian Access
• User's password reset in Active Directory
• Viewing card SO PIN

• Publishing certificates in the file storage

  Publishing certificates is not supported for mounted network drives. Set path to the file storage in this format:

  \\Workstation name\Network directory name

Self-Service

• View card content
• Create TPM Virtual Smart Card (VSC)
• Enroll Windows Hello for Business (WHfB)
• Enable downloads

Event Log:

• Define the user attribute to search in the Event Log. Default value: CN (Common name)
• Configure connection to Unified Event Log for several CertiFlow servers

Microsoft CA: Configure settings for working with Microsoft Certification Authority.

AirCard Enterprise: Configure integration with Axidian AirCard Enterprise virtual smart card server.

Client Agent: Configure Axidian CertiFlow Agent.

Information about users catalog and user attributes . 

The list of tracked user attributes in Microsoft CA certificate templates settings includes the following attributes by default:

• Common name
• E-mail
• User principal name

Defining access settings to system services.

Specify an account to configure user privileges in Roles of Axidian CertiFlow Management Console. 

Card Monitor service controls smart card usage. Operations:

• • Revoking expired temporary cards
  • Deactivating (optional) cards and revoking certificates for users with disabled Active Directory accounts
  • Deleting AD disabled accounts (optional) from Axidian CertiFlow users catalog
  • Revoking and withdrawing (optional) cards for deleted users
  • Setting/resetting a card content status (about to expire/expired)
  • Updating card contents (available if a card is updated through Axidian CertiFlow Agent and the CA operator does not approve certificates automatically)
  • Registering There is no connection from the agent for a long time event in the system log
  • Sending email notifications to system administrators and users about the following events:
    • Expiring user certificates
    • Approve/reject to issue a card
    • Approve/reject to renew a certificate
    • Approve/reject to replace a card
    • Modifying a system policy applied to a user
    • Changing user attributes in users catalog 

For Card Monitor service to work properly, create a service role with an account for Card Monitor in Roles section and define the following privileges for the role:

• Disabling cards
• Updating cards
• Revoking cards
• Cleaning cards
• Unassigning cards
• Removing cards

• Removing AirCard

• Removing record from custom log

  Set privileges to work with virtual smart cards, if AirCard integration is configured.

Summary of all settings and creating a backup copy of Axidian CertiFlow configuration.

When installing Axidian CertiFlow for the first time, save a copy of your configuration settings (option Backup current configuration settings in Confirmation section).

Configuration backup includes all settings, as well as encryption key and algorithm. When deploying new system servers, you can use the backup file - upload it in Restore configuration section.