Client agent
In the Agents section, you can find all agents registered in Axidian CertiFlow.
Prerequisites
To allow access to the agent repository:
- Open the Configuration Wizard, go to System features → Client Agent and activate the Enable client agent option.
- Open the Management Console, go to Configuration → Roles and assign the Viewing agent repository privilege to the members of the administrator or operator role.
If the Automatic agent registration option is disabled in the Configuration Wizard, after the agent is installed and configured on a workstation, it appears in the Agents section of the Management Console in Pending status.
Search filters
To find agents, set the following filters:
- Name – by default, the agent name is the name of the workstation where the agent is installed. You can change the name in the agent profile.
- Status – the agent's current state: Not set, Pending, Accepted, Denied.
- Computer name – the DNS name of the workstation where the agent is installed.
- System version – the version of the operating system of the workstation where the agent is installed.
- IP address – the IP address of the workstation (IPv4 or IPv6) where the agent is installed.
- Comment – a comment specified by the administrator in the agent profile.
Search templates
- exact match – Win7x86.domain.loc
- partial match – *86.domain.loc or *domain*
- all results – *
To go to the agent profile, click on the agent name in the search results. Click Accept to confirm the registration request or Decline to decline the request.
Agent profile
In the agent profile, you can check information about the agent, user sessions, cards bound to the agent and recent events.
- Agent name – by default, the agent name is the DNS name of the workstation where the agent is installed. To edit the agent name, click Change name.
- Comment – to set or edit a comment, click Edit comment.
- Sessions – user sessions or service sessions. There are two types of user sessions:
- Console – the user has logged in to the workstation directly.
- Terminal – the user has connected to the workstation remotely (for example, using RDP).
- Bound cards – the list of cards bound to the agent.
- Recent events – the last five events related to the agent's operation.
Bind agents to cards
The agent automatically detects cards connected to the workstation and requests a list of tasks from the Axidian CertiFlow server. In this case, it is not necessary to bind the user's card to the workstation.
Associating cards with agents allows you to manage cards remotely. For more information, see Manage cards usage.
To bind a card to an agent:
- In the agent profile, go to Bound cards and click Bind card.
- If the card is available, connect it to the workstation or select it from the list of connected cards and click Bind. If the card is not available, specify its serial number and card type, and click Bind.
The card appears in the Bound cards section of the agent profile.
To unbind a card, click and then Unbind.
Manage cards usage
You can configure the usage parameters of bound cards in the policy settings (Agents → Control).
When you connect a card to your workstation, the agent detects the following events:
- The card is not bound to the agent. This may happen when a user has connected another user's card to their workstation.
- The card is not assigned to the user. This may happen when a user authenticated with a smart card bound to the agent and then switched accounts in the operating system.
Axidian CertiFlow can take the following actions when an agent detects a suspicious event:
- Write event
- Lock user session, write event
- Lock card, write event
- Lock user session and card, write event
In the Timeout before locking the user session (sec.) field, enter a value from 1 to 5 to define the number of seconds that pass before a user session is locked.
To configure the agent to check binding between a user session and the connected card, activate the Enable user card binding option.
If you plan to install agents on workstations outside your company's domain, enable the Consider user card binding on PC that is not joined to domain option.
Set the user notification and agent action for binding violations.
You can use the following attributes in user messages:
- {sn} – a card serial number
- {atr} – a card ATR (Answer to Reset) value
- {model} – a card model
- {label} – a card label
Example: The connected card {model}: {sn} does not match the user session.
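The following is an added example, not Axidian's code: a model of the binding check described above, showing which event each situation produces, how the policy action and the 1–5 second timeout translate into a decision, and how the {sn}/{atr}/{model}/{label} attributes are expanded in the user message. The function and field names, and the sample card values, are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Action(Enum):
    # The four agent actions offered in the policy settings (Agents -> Control)
    WRITE_EVENT = "Write event"
    LOCK_SESSION = "Lock user session, write event"
    LOCK_CARD = "Lock card, write event"
    LOCK_SESSION_AND_CARD = "Lock user session and card, write event"


@dataclass
class Card:
    sn: str     # {sn}, serial number
    atr: str    # {atr}, Answer to Reset
    model: str  # {model}
    label: str  # {label}


@dataclass
class BindingPolicy:
    enabled: bool = True                  # "Enable user card binding"
    consider_non_domain_pc: bool = False  # "Consider user card binding on PC that is not joined to domain"
    action: Action = Action.WRITE_EVENT
    lock_timeout_sec: int = 1             # "Timeout before locking the user session (sec.)", 1..5
    message: str = "The connected card {model}: {sn} does not match the user session."

    def __post_init__(self) -> None:
        if not 1 <= self.lock_timeout_sec <= 5:
            raise ValueError("lock_timeout_sec must be between 1 and 5")


def check_connected_card(policy: BindingPolicy, bound_sns: set, domain_joined: bool,
                         session_user: str, card_owner: Optional[str], card: Card) -> dict:
    """Evaluate one card-connection event: report the violation (if any), whether to
    lock the session (and after how many seconds), whether to lock the card, and the
    expanded user notification. Assumed data model, not the product's own."""
    no_action = {"event": None, "lock_session_after": None, "lock_card": False, "notify": None}
    if not policy.enabled or (not domain_joined and not policy.consider_non_domain_pc):
        return no_action  # binding is not checked on this workstation
    if card.sn not in bound_sns:
        event = "Card is not bound to the agent"
    elif card_owner != session_user:
        event = "Card is not assigned to the session user"
    else:
        return no_action  # card is bound to this agent and belongs to the logged-in user
    lock_session = policy.action in (Action.LOCK_SESSION, Action.LOCK_SESSION_AND_CARD)
    lock_card = policy.action in (Action.LOCK_CARD, Action.LOCK_SESSION_AND_CARD)
    return {"event": event,
            "lock_session_after": policy.lock_timeout_sec if lock_session else None,
            "lock_card": lock_card,
            "notify": policy.message.format(sn=card.sn, atr=card.atr, model=card.model, label=card.label)}
```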
Check connected cards
The agent scans all cards connected to a user workstation and logs the following events:
- If there is a card with a blocked user PIN or administrator PIN
- If there were any attempts to enter an incorrect user PIN or administrator PIN
- If an unregistered card was connected to a workstation
The Card Monitor service logs an event when the agent fails to communicate with the Axidian CertiFlow server beyond the defined timeout. Configure this timeout in the Card Monitor section of the Axidian CertiFlow Configuration Wizard.
You can get notifications about the following events:
- Administrator PIN lock detected on the card
- User PIN lock detected on the card
- Attempt to enter an invalid administrator PIN on the card
- Attempt to enter an invalid user PIN on the card
Axidian CertiFlow sends notifications about cards in Issued, Pending, Revoked, Disabled and Assigned status.
You can configure global or local policy notifications.
Card manufacturers with events detection support
| Card manufacturer | Supported events |
|---|---|
| ACS | User PIN block detection; invalid user PIN entry detection |
| Axidian | User/administrator PIN block detection |
| Avest | User/administrator PIN block detection |
| Bit4id | User/administrator PIN block detection |
| CRYPTAS | User/administrator PIN block detection; invalid user/administrator PIN entry detection |
| Cryptovision | User/administrator PIN block detection |
| Feitian | User/administrator PIN block detection |
| HID | Events detection is not supported |
| ISBC | User/administrator PIN block detection |
| Microsoft VSC (TPM), Microsoft Windows Hello for Business (WHfB) | Events detection is not supported |
| Registry | Events detection is not supported |
| RSA | User/administrator PIN block detection |
| Thales Group (ex Gemalto and SafeNet) | User/administrator PIN block detection; invalid user/administrator PIN entry detection |
| Yubico | Events detection is not supported |
Event log
Agent activity logs are stored in both server and client logs.
To view agent events in the Management Console, go to Events.
The agent on a user workstation writes events to the local Axidian CertiFlow event log and sends them to the server. If the workstation cannot connect to the Axidian CertiFlow server, it stores the events locally and sends them once it establishes the connection.