Internal catalog

An internal catalog functionality allows to create accounts for external users in a separate database of Axidian CertiFlow. External users are outside an organization and may need access to specific information or features. You can configure an internal catalog in Microsoft SQL or PostgreSQL.

Internal user catalog is auxuliary to the main LDAP catalog.

Configure a database

1. Create a database.
2. Create a service account.
3. Populate the database with a script from the Axidian CertiFlow installation package.

Microsoft SQL

1. Create a database in SQL Server Management Studio:
   1. In the Object Explorer pane, right-click Databases and select New Database.
   2. Enter a database name and click OK.
2. Use a local SQL service account or an Active Directory service account and grant it the required permissions to manage the database. This service account is used to perform read and write operations in the database.
   1. In the Object Explorer pane, expand the Security section.
   2. Right-click the Logins folder and select the service account from the context menu.
   3. Go to the User Mapping tab and configure the account permissions.
   4. In the Database role membership for section, select the check boxes next to the db_owner and public permissions.
3. Populate the database:
   1. Go to the File menu and click Open.
   2. Select File..., specify the catalog path to the UserCatalog.sql file (\AxidianCertiflow.WindowsServer\Misc) and click Open.
   3. Before running the script, uncomment --USE[<database name>]--GO and specify the name of the database or select it from the list.
   4. Click Execute.

PostgreSQL

1. Create a database in pgAdmin:
   1. Open pgAdmin and connect to the server.
   2. In the Browser section, right-click Databases and select Create → Database....
   3. On the General tab, specify the database name in the Database field, select the service account from the Owner list, and click Save.
2. Create a service account:
   1. In the Browser section, right-click the Login/Group Roles menu item.
   2. Select Create → Login/Group Role....
   3. On the General tab, specify a service account name in the Name field.
   4. On the Definition tab, specify the password in the Password field. Make sure the Account Expires field has the No Expiry value.
   5. On the Privileges tab, enable the Can Login? parameter and click Save.
3. Populate the database. Select the created database in the Browser section, execute the UserCatalog-Postgre.sql script and grant the service account the required permissions:
   1. Select Tools → Query Tool.
   2. Click and specify the catalog path to the UserCatalog-Postgre.sql file (\AxidianCertiflow.WindowsServer\Misc). Click Select.
   3. Click Execute/Refresh.
   4. Click and select Clear Query.
   5. Enter the query text with the service account name:

   GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "service account name";
   1. Click Execute/Refresh .

Configure a remote connection to the database

1. Open the pg_hba.conf configuration file.

   pg_hba.conf file location

   Windows OS: C:\Program Files\PostgreSQL<version number>\data
   Linux OS: /etc/postgresql/<version number>/main.

2. Add a string in the following format:

   CONNECTIONTYPE DATABASE USER ADDRESS METHOD
   • CONNECTIONTYPE is the name of the connection type. Specify host to use TCP/IP connection.
   • DATABASE is the name of the database.
   • USER is name of the user who accesses the database.
   • ADDRESS is the IP address of the remote Axidian CertiFlow server.
   • METHOD is the user authentication method.

   host AxidianStorage servicepg 192.200.1.0/24 md5

Supported user attributes

Axidian CertiFlow connects to an internal user catalog using the following attributes.

Basic attributes

User attribute	Common name
cn	Common Name
dn	Distinguished Name
givenName	First Name
sn	Last Name
sAMAccountName	Logon Name
email	E-mail

Additional attributes

User attribute	Display name
telephoneNumber	Phone number
countryName	Country/region
stateOrProvinceName	State
localityName	City
streetAddress	Address
organizationName	Organization
organizationUnitName	Department
title	Position

You can edit additional attributes and add custom attributes In the Axidian CertiFlow Configuration Wizard.
How to configure additional attributes in an internal user catalog

After you create an internal catalog, configure a connection to the created database in the Axidian CertiFlow Configuration Wizard in the User Catalog section.