To install agents on user workstations, follow these steps:

  1. Run the AxidianCertiflow.Agent.-<version number>.en-us.msi from Axidian CertiFlow installation package and follow the wizard instructions. Agent will launch automatically.
  2. Configure the settings required to connect to Axidian CertiFlow server. You can do it via:
    1. Group Policy
    2. Windows Registry

Configuring Agent settings via Group Policy

To add an Axidian CertiFlow administrative template (ADMX), proceed as follows:

  1. Copy the contents of AxidianCertiflow.Client\Misc\PolicyDefinitions folder to the central ADMX file storage of domain controller C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions.

    If you use local ADMX file storage, place Axidian CertiFlow templates in C:\Windows\PolicyDefinitions folder.


  2. Open the Group Policy Management console.

  3. Create a new group policy object in the console tree or select an existing one.

  4. Open the context menu and select the Edit item.
  5. In Group Policy Management Editor select Computer Configuration > Policies > Administrative Templates > Axidian CertiFlow > Agent.
  6. Enable the Agent's URL Settings policy and specify its values:
  7. Enable the Agent's URL Settings policy and specify its values:
    • Specify the path to the agentregistrationapi application, located on Axidian CertiFlow server, in the Agents registration service URL parameter.

    • Specify the path to the agentserviceapi application in the Agents service URL parameter.

      Agent registration service URL: https://srv.demo.local:3003/agentregistrationapi/
      Agent service URL: https://srv.demo.local:3003/agentserviceapi/


  8. Link this policy object to a group, which includes Axidian CertiFlow user workstations.
  9. Click Apply and perform policy update.

Policies are updated after you reboot the workstation with agent installed. To force Group Policy updates without rebooting, run the gpupdate /force command.

Additional policies

You can configure additional policies for agents operation: 

  • Agent's timeouts settings

The policy defines:

    • Timeout of requests to agent services (default value is 30 seconds)
    • Frequency of agent status update request (default value is 300 seconds)
    • Frequency of agent settings, bindings, tasks and sessions update request (default value is 30 seconds)
    • Timeout request to disconnect agent from CertiFlow server (default value is 3 seconds)
  • Events caching settings

The policy defines:

    • time limit for the agent to attempt sending events from cache to CertiFlow server (default value is 10 minutes)
    • number of events sent to the server per request (default value is 500 events)
  • Proxy server settings

The policy defines the use of a proxy server when you connect to CertiFlow server.

If the policy is disabled or not set, the proxy server will not be used.
You can set the proxy server address in Proxy server field.

  • Event log settings 

The policy defines the event recording level in the CertiFlow server Event Log:

    • All (default)
    • Errors only
    • Warnings and errors only
  • Tasks caching settings

The policy defines:

    • how often the task cache is updated and how often the task status is sent to the server, if the task status was not reported to the server immediately (default value is 60 seconds)
    • how much time must pass before tasks are removed from cache during the next cache refresh (default value is 300 seconds)
    • how much time must pass before a task canceled by the user can be re-executed (default value is 60 seconds)
  • Smart card status update settings

The policy defines how often the smart card status is checked (default value is 30 seconds):

    • Lock user/administrator PIN
    • User/administrator PIN input retries

Configuring Agent settings via Windows Registry

Create a registry file (.reg) with the following contents:

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AxidianCertiFlow\Agent]
"AgentRegistrationServiceUrl"=""
"AgentServiceUrl"=""
"ProxyEnable"=
"ProxyServer"=""


For 32-bit systems, the parameter branch is:

[HKEY_LOCAL_MACHINE\SOFTWARE\AxidianCertiFlow\Agent]

AgentRegistrationServiceUrl specifies a link and port to connect to agentregistrationapi application.
AgentServiceUrl specifies a web address and port to connect to agentserviceapi application.
If you use a proxy on workstations where agent is installed, specify ProxyEnable and ProxyServer parameters (proxy server URL).

  1.  "ProxyEnable"=dword:00000000 - proxy is not used.
  2.  "ProxyEnable"=dword:00000001 и "ProxyServer"="" - default proxy settings are used.
  3.  "ProxyEnable"=dword:00000001 и ProxyServer="<proxy server URL>" - the proxy server specified in the setting is used.

Here is an example of a .reg file to connect to Axidian CertiFlow server named srv.demo.local via HTTPS protocol and 3003 port using the proxy server https://192.168.10.10:443.

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AxidianCertiFlow\Agent]
"AgentRegistrationServiceUrl"="https://srv.demo.local:3003/agentregistrationapi/"
"AgentServiceUrl"="https://srv.demo.local:3003/agentserviceapi/"
"ProxyEnable"=dword:00000001
"ProxyServer"="https://192.168.10.10:443"


Distribute the registry file and make changes to user workstations’ settings. To apply changes, reboot the workstation with Axidian CertiFlow Agent installed or restart the Axidian CertiFlow Agent Service.