Interview: Slovenian Card Payment Processor about migrating from Microsoft CLM / FIM to Axidian CertiFlow

Slovenian card payment processor* as part of migration from Microsoft CLM / FIM (EOL) initiated the procedure of purchasing a Card Management System. After the implementation of the Axidian CertiFlow we decided to ask them to share their experience and decision-making process.

Why did you consider implementing a CMS?

We tend to have an organized environment and have previous experience with MS CMS FIM. Clever, efficient, and secure use of digital certificates is extremely important for our organization.

Are there any industrial specifics and tasks unique to you in terms of digital certificates management?

We want to provide good user experience to our customers and have simple and efficient certificate/card management. At the same time, we must follow quite strict PCI DSS requirements which include not using vendor-supplied defaults for system passwords and other security parameters, protecting stored cardholder data, restricting access to cardholder data by business need to know, identifying and authenticating access to system components, restricting physical access to cardholder data, and regularly monitoring and testing networks. 

What was important to your organization when choosing a card management system?

Ability to meet our needs, comply with regulations and seamlessly integrate the product in our environment. Moreover, we value such parameters as efficient tech support, user-friendliness, and intuitiveness of the solution.

Why has your company made a choice in favor of Axidian CertiFlow? Who took the final decision of purchasing Axidian CertiFlow?

Axidian was introduced to us by our partner OSI.si. It was agreed that they could provide us local support based on our long-term good partnership. OSI.si has years of professional experience in implementation and advisory services in the field of information technology and we trust in their advice. However, it is still crucial for us to make sure that all the tasks could be addressed.  So, in terms of the product itself, Axidian CertiFlow is a modern solution that covers all the tasks at hand with a sufficient level of quality. Another important aspect is that Axidian is constantly enriching their products with the robust features that meet the requirements of the industry. Also, we were provided with all the information needed during the evaluation process both from our partner and vendor to make the final decision.
Final decision was made by the system engineer of the Slovenian card payment processor after resolving a problem with 3rd party certificates with the help of the Axidian tech team.

Please, describe the implementation process of Axidian CertiFlow

Regular approach: POC, resolving initial issues followed by pilot implementation & resolving real life problems with additional requirements.

Did you come across any difficulties? How would you describe the work of Axidian technical support?

We have had some issues, but Axidian technical support was excellent with resolving them on time. They were always there to back us up and provide full consultancy service.

If there was a chance to go back to the start of the CMS implementation, what would you do differently? What advice would you give yourself?

We would advise ourselves to write better documentation on our side to make the process less time-consuming.

Which PKI tasks were solved and automated with the help of Axidian CertiFlow?

We have automated the lifecycle management of Yubikey 5 devices used in our organization, and for certificates that are used for authentication on local workstations and over RDP connections (issue, update, revocation, suspension). We have also implemented a scenario to deliver third-party signature certificates in PFX (P12) format to the devices already issued to the users.

If Axidian CertiFlow vanished from your daily routine, what would be your biggest pain now?

Looking for another CMS which would address all the tasks needed or we would have to use scripts, in any case there would be much more work with the PKI user segment.

What processes would be done manually?

Importing 3rd party certificates, unlock/unblock smart to name it a few.

What Axidian CertiFlow features impressed you the most?

Axidian CertiFlow is running smoothly, it is intuitive, easy to deploy and quick to learn. Also we would like to mention that Axidian is flexible regarding customer wishes and demands with good project/sales/tech support and of course, a lot of knowledge.

*The name of the client is not revealed due to the non-disclosure agreement.