Run the CertiFlow.Server.msi file from the Axidian CertiFlow installation package and follow the wizard instructions to complete the installation. Select an access control method for all system applications.

Axidian CertiFlow system consists of the following services:

  • Management console – icm web application.
  • Self-service – icmservice web application.
  • Remote self-service – icmremote web application.
  • Smart card unlock service – credprovapi web application.
  • API service – icmapi web application.
  • Smart card status monitoring – Card Monitor service, no web application provided.
  • Client Agent services:
    • Agent Registration Service – agentregistrationapi web application.
    • Service for remote task execution – agentserviceapi web application.

Each service has its own configuration files and access settings.

If you select Windows Authentication, the following access control settings will be set: 

  • Authentication:
    • Windows Authentication (other methods are disabled) for icm, icmservice, icmapi applications
    • Anonymous Authentication (other methods are disabled) for credprovapi, agentregistrationapi, agentserviceapi applications.
    • Anonymous Authentication and Forms Authentication for icmremote application.
  • SSL Settings:
    • Require SSL for all applications.
    • Client certificates:
      • Ignore for icm, icmapi, icmremote, icmservice, credprovapi, agentregistrationapi applications.
      • Require for agentserviceapi application.

If you select Authentication by user’s personal certificates, the following access control settings will be set: 

  • Authentication:
    • Anonymous Authentication (other methods are disabled) for icm, icmapi, icmservice, credprovapi, agentregistrationapi, agentserviceapi applications.
    • Anonymous Authentication and Forms Authentication (other methods are disabled) for icmremote application.
  • SSL Settings:
    • Require SSL – for all applications.
    • Client certificates:
      • Ignore – for credprovapi, icmremote, agentregistrationapi applications.
      • Required – for icm, icmapi, icmservice, agentserviceapi applications.

If the users catalog resides in Active Directory, the certificates used for authentication should contain User Principal Name (UPN). Certificates without UPN cannot be used for logging in to web applications.

After the system is installed, you can set SSL settings for each application separately, using the IIS Management Console.