User profile
In the user profile, you can manage the user's data, cards, certificates, and documents.
To navigate to a user profile, find the relevant user in the Users section and click on their login.
Upload a photo
A photo appears in the user profile if it is saved in the user's catalog profile.
To add a photo, click Upload photo.
Photo upload requirements
- The user photo is written to either the
thumbnailPhotoorjpegPhotoattribute. Select the attribute in the user catalog settings in the Axidian CertiFlow Configuration Wizard. - The user catalog service account must have write permissions for the selected attribute.
- The photo size must be 100 KB or smaller.
Unlock a user
Axidian CertiFlow features a user account lockout mechanism in addition to card blocking.
Axidian CertiFlow locks a user account if the user exceeds the number of attempts to answer security questions. This occurs either during an online card unlock operation or when a user signs in to the Remote Self-Service.
You can configure the number of attempts to answer security questions in policy settings (Authentication).
A locked user cannot log in to the Remote Self-Service or unlock a card using Axidian CertiFlow Credential Provider.
If both the card and the user account are locked, you can unlock the card without unlocking the user:
- Open the Configuration section, navigate to the policy settings and go to Workflow → Administrator permissions.
- Clear the Validate answers to security questions option.
If a user account is locked, Axidian CertiFlow records an event in the Event Log, and the user's profile displays the User is locked status.
To unlock a user, open their profile and click Unlock user.
Reset answers to security questions
You can reset the user's security questions and their answers. The user must then set new questions and answers in the Self-Service.
To reset a user's security questions, click Reset answers to security questions in the user profile.
Reset a user's password
You can reset a domain password if a user needs to log in to the operating system using a password. For example, if they have forgotten their card with an authentication certificate and do not know their domain password.
- The Use LDAPS option is enabled in the user catalog settings of the Axidian CertiFlow Configuration Wizard
- The user catalog service account has the Reset password and Write pwdLastSet permissions
To reset a user's password:
- In the user profile, click Reset user password.
- Set a new password.
- (Optionally) Enable the User must change password at next logon option.
- Set the password's expiration period. When this period expires, the password value changes to a random one. The Card Monitor service performs the password change.
How to start the Card Monitor service
The Card Monitor service starts automatically on a daily schedule configured in the Card Monitor section of the Axidian CertiFlow Configuration Wizard.
To start Card Monitor manually:
Windows OS
Open PowerShell as an administrator on the Axidian CertiFlow server and run:
C:\Program Files\Axidian CertiFlow\CardMonitor\Certiflow.CardMonitor.exe
Linux OS
Open a terminal as an administrator on the Axidian CertiFlow server and run:
cd /opt/axidian/certiflow/cardmonitor && ./Certiflow.CardMonitor
The new password is not saved in the Axidian CertiFlow database.
View user events
The user profile displays information about the five most recent user events.
To refresh the event list, click 
. To view detailed information about an event, click 
. To see the full list of events, click View all.