Check the Outcome from the Identified Flex Station

This step is part of the workflow for Configuring an Identified Flex Client.

To verify the results of the above configuration, the final step is to log on to Desigo CC from the identified Flex Client station and check that client identification is successful, and the client profile and scope/event/application rights correspond to those configured.

Launch the Identified Flex Client

Perform this procedure to start the identified Flex Client in a browser.

The certificates for identified Flex client have been configured and the identified station object has been created in System Manager.

On the identified Flex station, open a compatible browser. See Supported Browser for Identified Flex Client.

In the address bar of the browser, enter the [Flex Client application URL].
NOTE: The URL is the one that was configured for the Flex Client application in SMC.

In the Select a Certificate dialog box, select the host certificate of the identified Flex client and click OK.

This dialog box displays when the settings for IIS (website and web application) are set to Accept. See SSL Settings and Certificate Selection Popup.

If the dialog does not display, or if you click Cancel, you can still proceed to log into Flex client without client identification. In this case, the Flex client will operate as an anonymous Flex client.

If a Credential Required dialog box appears, enter the Password for the Flex client host certificate and click Allow.

This is the same password that you created when importing the .PFX host certificate with Enable strong private key protection. See Import Certificates into the Flex Station

Note that the Credential Required dialog box may be concealed in the background, behind the browser window.

Enter your Desigo CC user name and click Next.

Enter your password and click Login.

You are logged into the identified Flex client. On the Desigo CC server, if you select the corresponding identified station object in System Manager, the IsLoggedIn property is True, and LoggedUserName shows the user who logged in.

Supported Browsers for Identified Flex Client

Note that the browsers which support identified Flex client are a subset of those which support the anonymous Flex client. Specifically client identification is supported on:

Desktop operating systems:

Windows: Chrome, Firefox and Edge
MacOS: Safari, Chrome and Edge

Mobile operating systems:

Android: Chrome and Edge
iOS: Safari

See the table below for more details.

Operating System	Browser	Flex client identification	Certificate selection popup / password	Remarks
Windows 10	Chrome	Yes	Yes, with password.
	Edge	Yes	Yes, with password.
	Firefox	Yes	Yes, without password.	Need to install client certificate explicitly in the Firefox browser.
MacOS	Safari	Yes	Yes, without password.	Need to provide the user credentials (fingerprints) of the Apple logged in user.
	Chrome
	Edge
	Firefox	No	n/a	n/a
Android 10	Chrome	Yes	Yes, without password.	Need to install client certificate on Android device first.
	Edge	Yes	Yes, without password.	Need to install client certificate on Android device first.
	Firefox	No	n/a	n/a
iOS	Safari	Yes	Yes. Without password.	Need to install certificates on IOS and enable trust for Root. Certificate selection popup is asked first time after deleting browser history every time.
	Chrome	No	n/a	Authentication will be successful, but only anonymous client will work.
	Edge
	Firefox

SSL Settings and Certificate Selection Popup

The following table demonstrates behaviors of SSL settings (Require SSL and combination of Client Certificate settings) for Chrome. This is mainly for TLS/SSL settings of WSI app and not for Client Identification.

SSL Settings	No Certificates with Private Key Installed on PC	One or more Certificates with Private Key Installed on PC	Deployment Scenario
Require SSL- Not Selected	No pop up displays and no client identification necessary as the host is same as server.	No pop up displays and can be ignored as no client identification necessary as the host is same as server.	Standalone Server
Require SSL + Ignore Client Certificate	No certificate popup will display and no client identification possible. WSI communication will remain secure.	No certificate popup will display and no client identification possible. WSI communication will remain secure.	Server and a Remote Web Server (IIS)
Require SSL + Accept Client Certificate	No certificate popup displays and no client identification possible. WSI communication will remain secure.	Certificate pop-up displays with all certificates installed and having the private key. In this case, certificate should be selected and a private key is necessary for Client Identification otherwise client will be treated as anonymous. WSI communication will remain secure.	Server and a Remote Web Server (IIS)
Require SSL + Require Client Certificate	No certificate popup displays and no client identification possible. WSI communication will remain secure.	Certificate pop-up displays with all certificates installed and having the private key. In this case, a certificate should be selected and a private key is necessary for Client Identification. Working with anonymous client is not possible. Here if no certificate selected, you cannot logon. WSI communication will be secure in case of successful logon to the system.	Server and a Remote Web Server (IIS)