Installing the AD CS connection
To connect Appterix to the Microsoft PKI, it is sufficient for the domain controller to have been assigned the AD CS role.
When installing the EgoMind AD Sync Service, a certificate template for Windows SmartCard authentication (Appterix SmartCard Logon) is automatically created in AD CS.
When AD CS is used for enrollment in Appterix YubiKey Management, the Appterix Agent (client component) sends the certificate request to AD CS via the Appterix server components so that the certificate is created and provided. The certificate is then written to the selected YubiKey.
Download AD Sync Service
You can download the current AD Sync Service in the Appterix administration interface, in the Downloads area under Additional component.

During installation, enter the credentials of the respective AD Socket from the EgoMind Platform.


Connection to AD certification authority
After you have installed the AD Sync Service and logged in with the login data of the AD Socket you set up, please check whether the synchronization is working correctly.
You can then check whether your AD certificate templates include the templates Appterix Smartcard Logon and Enrollment Agent. If this is not the case, please check whether the user specified in the user import is a member of the AD group certificate issuer. If not, we recommend that you go to the Appterix installation directory, change to ADSyncService/Utils (by default C:\Program Files\EgoMind\EMADSyncService\Utils) and open the EMADSyncService.ControlPanel there.
There you will find the AD CS Connector area, where you can enter the name of a Domain Admin who has already registered with the system beforehand, as well as the domain.
The certificate template should then be found.
If the certificate template is available but enrollment of AD CS certificates is still not possible, the cause may be that the user information stored in the EgoMind platform under Settings / User Import did not allow authentication to the domain, or that the user is not a member of the certificate issuer group. Please use the scheme domain\user.
If you have multiple AD certification authorities, you can specify the CA Name of the certification authority to be used in the user import or in the AD Sync Control Panel. If you leave the CA Name field empty, the first AD certification authority listed by the domain controller is used.
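The checks described above (templates present, import user in the certificate issuer group, available CA names) can be run read-only from a domain-joined admin workstation. This is an added example, not part of the Appterix product; it assumes the RSAT ActiveDirectory module is installed, and the parameter names, including the group name you pass in, are placeholders you supply.

```powershell
# Added example, not part of the Appterix product. Read-only checks against AD.
# Assumptions: RSAT ActiveDirectory module is installed; parameter names are ours.
param(
    [Parameter(Mandatory)][string]$ImportUser,   # sAMAccountName of the user-import account
    [Parameter(Mandatory)][string]$IssuerGroup,  # your domain's name for the "certificate issuer" group
    [string[]]$TemplateNames = @('Appterix SmartCard Logon', 'Enrollment Agent')  # display names from this page
)
Import-Module ActiveDirectory -ErrorAction Stop

$pkiBase = "CN=Public Key Services,CN=Services,$((Get-ADRootDSE).configurationNamingContext)"

# Certificate templates stored in AD, and the CAs (enrollment services) that publish them.
$templates = Get-ADObject -SearchBase "CN=Certificate Templates,$pkiBase" `
    -LDAPFilter '(objectClass=pKICertificateTemplate)' -Properties displayName
$cas = Get-ADObject -SearchBase "CN=Enrollment Services,$pkiBase" `
    -LDAPFilter '(objectClass=pKIEnrollmentService)' -Properties dNSHostName, certificateTemplates

foreach ($name in $TemplateNames) {
    $tpl = $templates | Where-Object { $_.displayName -eq $name } | Select-Object -First 1
    # A template can exist in AD without being published on any CA; report both states.
    $publishedOn = @()
    if ($tpl) { $publishedOn = @($cas | Where-Object { $_.certificateTemplates -contains $tpl.Name }) }
    $detail = if ($publishedOn) {
        'published on: ' + ($publishedOn.Name -join ', ')
    } elseif ($tpl) {
        'exists in AD but is not published on any CA'
    } else { 'not present in AD' }
    [pscustomobject]@{ Check = "Template '$name'"; Found = [bool]$tpl; Detail = $detail }
}

# Recursive lookup so membership through nested groups is also detected.
$member = Get-ADGroupMember -Identity $IssuerGroup -Recursive |
    Where-Object { $_.SamAccountName -eq $ImportUser }
$memberDetail = if ($member) { $member.distinguishedName } else { 'not a member (directly or nested)' }
[pscustomobject]@{ Check = "'$ImportUser' in group '$IssuerGroup'"; Found = [bool]$member; Detail = $memberDetail }

# With more than one CA, these are the names that can go into the CA Name field.
$cas | ForEach-Object {
    [pscustomobject]@{ Check = 'CA'; Found = $true; Detail = "$($_.Name) on $($_.dNSHostName)" }
}
```

A template reported as existing but not published on any CA points at the CA configuration rather than at the user import account.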


Further information
- Setting up AD CS connection: https://appterix.eu/help/anbindung-yubikey-card-authentication-ccid-an-ms-ad-zertifikatsdienste-ad-cs/
- Video tutorial: https://appterix.eu/help/yubikey-management-anbindung-an-ad-cs/