Managing administrators
Edit an administrator
-
Navigate to .
-
Select the standard administrator you want to edit, and click Edit.
-
Update the administrator’s personal information.
-
Click the Edit icon in the top right of the Edit Admin dialog.
-
Complete the Edit Standard Admin fields based on the information provided in the following table.
Field Description Username
The administrator’s username for the purpose of identification and access.
Email
The administrator’s email address.
Forename, Surname
The administrator’s first name (forename) and last name (surname).
Title
The administrator’s title.
Telephone Number
The administrator’s phone number.
Street, Locality, State/Province, Postal Code, Country
The administrator’s address details.
Relationship
The nature of the administrator’s relationship with the organizations or departments that they are delegated to (such as, employee or third party).
-
Click Next.
-
-
Update the Roles & Privileges tab fields.
-
Select an administrator role.
-
Assign administrator privileges based on the information provided in the following table.
Privilege Description General privileges
Add peer admin
The administrator can create other administrators of their own level or lower.
Edit peer admin
The administrator can edit other administrators of their own level or lower.
Delete peer admin
The administrator can remove other administrators of their own level or lower.
Automatically approve certificate requests
Certificate requests initiated by the administrator are automatically approved.
MS agent management
The MRAO administrator can access the page, download and install MS Agents, and view the certificates and web servers discovered by MS Agents by scanning respective AD servers.
Download keys from Sectigo Key Vault
The administrator can download certificate private keys stored in Sectigo Key Vault.
Domain privileges
Manage domain validations
The administrator can initiate domain control validation for domains.
Manage domains
The administrator can do the following:
-
Add new domains
-
Edit and delete delegated domains
Approve domain delegations
The administrator can approve domain delegation requests by other administrators of their own level or lower.
SSL certificate privileges
Request SSL certificates
The administrator can request SSL certificates.
Renew SSL certificates
The administrator can renew SSL certificates.
Replace SSL certificates
The administrator can replace SSL certificates.
Revoke SSL certificates
The administrator can revoke certificates.
Manage SSL certificate requests
The administrator can do the following:
-
Change SSL certificate request details prior to approval.
-
Approve or decline a certificate request.
Manage SSL certificates
The administrator can do the following:
-
Edit comments and custom fields.
-
Configure management options such as notifications, locations, and auto-install settings.
Client certificate privileges
Request client certificates
The administrator can request client certificates.
Revoke client certificates
The administrator can revoke certificates.
Manage client certificates
The administrator can do the following:
-
Change client certificate request details prior to approval.
-
Approve or decline a certificate request.
Code signing certificate privileges
Request code signing certificates
The administrator can request code signing certificates.
Revoke code signing certificates
The administrator can revoke certificates.
Manage code signing certificates
The administrator can do the following:
-
Change code signing certificate request details prior to approval.
-
Approve or decline a certificate request.
Device certificate privileges
Request device certificates
The administrator can request device certificates.
Renew device certificates
The administrator can renew device certificates.
Replace device certificates
The administrator can replace device certificates.
Revoke device certificates
The administrator can revoke device certificates.
Manage device certificate requests
The administrator can do the following:
-
Change device certificate request details prior to approval.
-
Approve or decline a certificate request.
Manage device certificates
The administrator can do the following:
-
Edit comments and custom fields.
-
Configure management options such as notifications, locations, and auto-install settings.
Organizational privileges
Add organizations & departments
The administrator can do the following:
-
Create new organizations
-
View, edit, and delete delegated organizations
-
Create new departments under delegated organizations
-
Manage certificate settings, notification templates, and access control lists for delegated organizations
Edit organizations & departments
Administrators can modify the details of existing organizations and departments.
Add departments
Administrators can create new departments under delegated organizations.
Edit departments
Administrators can update the details of existing departments.
Manage organization validations
Administrators can handle the validation process for organizations, ensuring they meet the required criteria.
-
-
Update the Authentication tab fields.
-
Enter and confirm a password for the new administrator.
-
(Optional) Select a valid client certificate for use in authentication.
-
(Optional) Configure SAML IdP by selecting an identity provider and entering the appropriate EPPN.
-
-
Click Save.
| Updating your identity provider can impact the access of existing administrators created using this template. |
-
Navigate to .
-
Select the IdP template you want to edit, and click Edit.
-
Update the template name.
-
Click the Edit icon in the top right of the Edit IdP Template dialog.
-
Update the template name.
-
Click Next.
-
-
Update the Roles & Privileges tab fields.
-
Select an administrator role.
-
For RAO and DRAO administrators, select the certificate types and organizations or departments that can be managed.
-
Assign administrator privileges based on the information provided in the following table.
Privilege Description General privileges
Add peer admin
The administrator can create other administrators of their own level or lower.
Edit peer admin
The administrator can edit other administrators of their own level or lower.
Delete peer admin
The administrator can remove other administrators of their own level or lower.
Automatically approve certificate requests
Certificate requests initiated by the administrator are automatically approved.
MS agent management
The MRAO administrator can access the page, download and install MS Agents, and view the certificates and web servers discovered by MS Agents by scanning respective AD servers.
Download keys from Sectigo Key Vault
The administrator can download certificate private keys stored in Sectigo Key Vault.
Domain privileges
Manage domain validations
The administrator can initiate domain control validation for domains.
Manage domains
The administrator can do the following:
-
Add new domains
-
Edit and delete delegated domains
Approve domain delegations
The administrator can approve domain delegation requests by other administrators of their own level or lower.
SSL certificate privileges
Request SSL certificates
The administrator can request SSL certificates.
Renew SSL certificates
The administrator can renew SSL certificates.
Replace SSL certificates
The administrator can replace SSL certificates.
Revoke SSL certificates
The administrator can revoke certificates.
Manage SSL certificate requests
The administrator can do the following:
-
Change SSL certificate request details prior to approval.
-
Approve or decline a certificate request.
Manage SSL certificates
The administrator can do the following:
-
Edit comments and custom fields.
-
Configure management options such as notifications, locations, and auto-install settings.
Client certificate privileges
Request client certificates
The administrator can request client certificates.
Revoke client certificates
The administrator can revoke certificates.
Manage client certificates
The administrator can do the following:
-
Change client certificate request details prior to approval.
-
Approve or decline a certificate request.
Code signing certificate privileges
Request code signing certificates
The administrator can request code signing certificates.
Revoke code signing certificates
The administrator can revoke certificates.
Manage code signing certificates
The administrator can do the following:
-
Change code signing certificate request details prior to approval.
-
Approve or decline a certificate request.
Device certificate privileges
Request device certificates
The administrator can request device certificates.
Renew device certificates
The administrator can renew device certificates.
Replace device certificates
The administrator can replace device certificates.
Revoke device certificates
The administrator can revoke device certificates.
Manage device certificate requests
The administrator can do the following:
-
Change device certificate request details prior to approval.
-
Approve or decline a certificate request.
Manage device certificates
The administrator can do the following:
-
Edit comments and custom fields.
-
Configure management options such as notifications, locations, and auto-install settings.
Organizational privileges
Add organizations & departments
The administrator can do the following:
-
Create new organizations
-
View, edit, and delete delegated organizations
-
Create new departments under delegated organizations
-
Manage certificate settings, notification templates, and access control lists for delegated organizations
Edit organizations & departments
Administrators can modify the details of existing organizations and departments.
Add departments
Administrators can create new departments under delegated organizations.
Edit departments
Administrators can update the details of existing departments.
Manage organization validations
Administrators can handle the validation process for organizations, ensuring they meet the required criteria.
-
-
Update the Authentication tab fields.
-
Select an identity provider for SAML IdP.
-
Configure IdP Attribute mapping based on the information provided in the following table.
Field Description cn
The user’s full name or common name.
displayname
A human-readable display name for the user.
entitlement
Information about the user’s access rights or permissions.
eppn
A unique identifier for individuals within education and research institutions, often resembling an email address.
givenname
The user’s first name.
groups
Information about the user’s group memberships or affiliations.
mail
The user’s email address.
schachomeorganization
The user’s organization identifier.
sn
The user’s last name or surname.
uid
A unique identifier for the user within an organization or system.
-
-
Click Save.
| IdP administrators created from an IdP template cannot have their roles and privileges edited unless they are unlinked from the template through the Menu icon in the top right of the Edit IdP Admin dialog. |
-
Navigate to .
-
Select the IdP administrator you want to edit, and click Edit.
-
Update the administrator’s personal information.
-
Click the Edit icon in the top right of the Edit Admin dialog.
-
Complete the Edit IdP Admin fields based on the information provided in the following table.
Field Description Email
The administrator’s email address.
Forename, Surname
The administrator’s first name (forename) and last name (surname).
Title
The administrator’s title.
Telephone Number
The administrator’s phone number.
Street, Locality, State/Province, Postal Code, Country
The administrator’s address details.
Relationship
The nature of the administrator’s relationship with the organizations or departments that they are delegated to (such as, employee or third party).
-
Click Next.
-
-
Update the Roles & Privileges tab fields.
-
Select an administrator role.
-
For RAO and DRAO administrators, select the certificate types and organizations or departments that can be managed.
-
Assign administrator privileges based on the information provided in the following table.
Privilege Description General privileges
Add peer admin
The administrator can create other administrators of their own level or lower.
Edit peer admin
The administrator can edit other administrators of their own level or lower.
Delete peer admin
The administrator can remove other administrators of their own level or lower.
Automatically approve certificate requests
Certificate requests initiated by the administrator are automatically approved.
MS agent management
The MRAO administrator can access the page, download and install MS Agents, and view the certificates and web servers discovered by MS Agents by scanning respective AD servers.
Download keys from Sectigo Key Vault
The administrator can download certificate private keys stored in Sectigo Key Vault.
Domain privileges
Manage domain validations
The administrator can initiate domain control validation for domains.
Manage domains
The administrator can do the following:
-
Add new domains
-
Edit and delete delegated domains
Approve domain delegations
The administrator can approve domain delegation requests by other administrators of their own level or lower.
SSL certificate privileges
Request SSL certificates
The administrator can request SSL certificates.
Renew SSL certificates
The administrator can renew SSL certificates.
Replace SSL certificates
The administrator can replace SSL certificates.
Revoke SSL certificates
The administrator can revoke certificates.
Manage SSL certificate requests
The administrator can do the following:
-
Change SSL certificate request details prior to approval.
-
Approve or decline a certificate request.
Manage SSL certificates
The administrator can do the following:
-
Edit comments and custom fields.
-
Configure management options such as notifications, locations, and auto-install settings.
Client certificate privileges
Request client certificates
The administrator can request client certificates.
Revoke client certificates
The administrator can revoke certificates.
Manage client certificates
The administrator can do the following:
-
Change client certificate request details prior to approval.
-
Approve or decline a certificate request.
Code signing certificate privileges
Request code signing certificates
The administrator can request code signing certificates.
Revoke code signing certificates
The administrator can revoke certificates.
Manage code signing certificates
The administrator can do the following:
-
Change code signing certificate request details prior to approval.
-
Approve or decline a certificate request.
Device certificate privileges
Request device certificates
The administrator can request device certificates.
Renew device certificates
The administrator can renew device certificates.
Replace device certificates
The administrator can replace device certificates.
Revoke device certificates
The administrator can revoke device certificates.
Manage device certificate requests
The administrator can do the following:
-
Change device certificate request details prior to approval.
-
Approve or decline a certificate request.
Manage device certificates
The administrator can do the following:
-
Edit comments and custom fields.
-
Configure management options such as notifications, locations, and auto-install settings.
Organizational privileges
Add organizations & departments
The administrator can do the following:
-
Create new organizations
-
View, edit, and delete delegated organizations
-
Create new departments under delegated organizations
-
Manage certificate settings, notification templates, and access control lists for delegated organizations
Edit organizations & departments
Administrators can modify the details of existing organizations and departments.
Add departments
Administrators can create new departments under delegated organizations.
Edit departments
Administrators can update the details of existing departments.
Manage organization validations
Administrators can handle the validation process for organizations, ensuring they meet the required criteria.
-
-
Click Save.
-
Navigate to .
-
Select the Sectigo Authentication Service administrator you want to edit, and click Edit.
-
Update the administrator’s personal information.
-
Click the Edit icon in the top right of the Edit Admin dialog.
-
Complete the Edit Sectigo Authentication Service Admin fields based on the information provided in the following table.
Field Description Email
The administrator’s email address.
Forename, Surname
The administrator’s first name (forename) and last name (surname).
Title
The administrator’s title.
Telephone Number
The administrator’s phone number.
Street, Locality, State/Province, Postal Code, Country
The administrator’s address details.
Relationship
The nature of the administrator’s relationship with the organizations or departments that they are delegated to (such as, employee or third party).
-
Click Next.
-
-
Update the Roles & Privileges tab fields.
-
Select an administrator role.
-
For RAO and DRAO administrators, select the certificate types and organizations or departments that can be managed.
-
Assign administrator privileges based on the information provided in the following table.
Privilege Description General privileges
Add peer admin
The administrator can create other administrators of their own level or lower.
Edit peer admin
The administrator can edit other administrators of their own level or lower.
Delete peer admin
The administrator can remove other administrators of their own level or lower.
Automatically approve certificate requests
Certificate requests initiated by the administrator are automatically approved.
MS agent management
The MRAO administrator can access the page, download and install MS Agents, and view the certificates and web servers discovered by MS Agents by scanning respective AD servers.
Download keys from Sectigo Key Vault
The administrator can download certificate private keys stored in Sectigo Key Vault.
Domain privileges
Manage domain validations
The administrator can initiate domain control validation for domains.
Manage domains
The administrator can do the following:
-
Add new domains
-
Edit and delete delegated domains
Approve domain delegations
The administrator can approve domain delegation requests by other administrators of their own level or lower.
SSL certificate privileges
Request SSL certificates
The administrator can request SSL certificates.
Renew SSL certificates
The administrator can renew SSL certificates.
Replace SSL certificates
The administrator can replace SSL certificates.
Revoke SSL certificates
The administrator can revoke certificates.
Manage SSL certificate requests
The administrator can do the following:
-
Change SSL certificate request details prior to approval.
-
Approve or decline a certificate request.
Manage SSL certificates
The administrator can do the following:
-
Edit comments and custom fields.
-
Configure management options such as notifications, locations, and auto-install settings.
Client certificate privileges
Request client certificates
The administrator can request client certificates.
Revoke client certificates
The administrator can revoke certificates.
Manage client certificates
The administrator can do the following:
-
Change client certificate request details prior to approval.
-
Approve or decline a certificate request.
Code signing certificate privileges
Request code signing certificates
The administrator can request code signing certificates.
Revoke code signing certificates
The administrator can revoke certificates.
Manage code signing certificates
The administrator can do the following:
-
Change code signing certificate request details prior to approval.
-
Approve or decline a certificate request.
Device certificate privileges
Request device certificates
The administrator can request device certificates.
Renew device certificates
The administrator can renew device certificates.
Replace device certificates
The administrator can replace device certificates.
Revoke device certificates
The administrator can revoke device certificates.
Manage device certificate requests
The administrator can do the following:
-
Change device certificate request details prior to approval.
-
Approve or decline a certificate request.
Manage device certificates
The administrator can do the following:
-
Edit comments and custom fields.
-
Configure management options such as notifications, locations, and auto-install settings.
Organizational privileges
Add organizations & departments
The administrator can do the following:
-
Create new organizations
-
View, edit, and delete delegated organizations
-
Create new departments under delegated organizations
-
Manage certificate settings, notification templates, and access control lists for delegated organizations
Edit organizations & departments
Administrators can modify the details of existing organizations and departments.
Add departments
Administrators can create new departments under delegated organizations.
Edit departments
Administrators can update the details of existing departments.
Manage organization validations
Administrators can handle the validation process for organizations, ensuring they meet the required criteria.
-
-
Click Save.
-
Navigate to .
-
Select the API administrator you want to edit, and click Edit.
-
Update the administrator’s personal information.
-
Click the Edit icon in the top right of the Edit Admin dialog.
-
Complete the Edit API Admin fields based on the information provided in the following table.
Field Description Username
The administrator’s username for the purpose of identification and access.
Email
The administrator’s email address.
Forename, Surname
The administrator’s first name (forename) and last name (surname).
Title
The administrator’s title.
Telephone Number
The administrator’s phone number.
Street, Locality, State/Province, Postal Code, Country
The administrator’s address details.
Relationship
The nature of the administrator’s relationship with the organizations or departments that they are delegated to (such as, employee or third party).
-
Click Next.
-
-
Update the Roles & Privileges tab fields.
-
Select an administrator role.
-
For RAO and DRAO administrators, select the certificate types and organizations or departments that can be managed.
-
Assign administrator privileges based on the information provided in the following table.
Privilege Description General privileges
Add peer admin
The administrator can create other administrators of their own level or lower.
Edit peer admin
The administrator can edit other administrators of their own level or lower.
Delete peer admin
The administrator can remove other administrators of their own level or lower.
Automatically approve certificate requests
Certificate requests initiated by the administrator are automatically approved.
MS agent management
The MRAO administrator can access the page, download and install MS Agents, and view the certificates and web servers discovered by MS Agents by scanning respective AD servers.
Download keys from Sectigo Key Vault
The administrator can download certificate private keys stored in Sectigo Key Vault.
Domain privileges
Manage domain validations
The administrator can initiate domain control validation for domains.
Manage domains
The administrator can do the following:
-
Add new domains
-
Edit and delete delegated domains
Approve domain delegations
The administrator can approve domain delegation requests by other administrators of their own level or lower.
SSL certificate privileges
Request SSL certificates
The administrator can request SSL certificates.
Renew SSL certificates
The administrator can renew SSL certificates.
Replace SSL certificates
The administrator can replace SSL certificates.
Revoke SSL certificates
The administrator can revoke certificates.
Manage SSL certificate requests
The administrator can do the following:
-
Change SSL certificate request details prior to approval.
-
Approve or decline a certificate request.
Manage SSL certificates
The administrator can do the following:
-
Edit comments and custom fields.
-
Configure management options such as notifications, locations, and auto-install settings.
Client certificate privileges
Request client certificates
The administrator can request client certificates.
Revoke client certificates
The administrator can revoke certificates.
Manage client certificates
The administrator can do the following:
-
Change client certificate request details prior to approval.
-
Approve or decline a certificate request.
Code signing certificate privileges
Request code signing certificates
The administrator can request code signing certificates.
Revoke code signing certificates
The administrator can revoke certificates.
Manage code signing certificates
The administrator can do the following:
-
Change code signing certificate request details prior to approval.
-
Approve or decline a certificate request.
Device certificate privileges
Request device certificates
The administrator can request device certificates.
Renew device certificates
The administrator can renew device certificates.
Replace device certificates
The administrator can replace device certificates.
Revoke device certificates
The administrator can revoke device certificates.
Manage device certificate requests
The administrator can do the following:
-
Change device certificate request details prior to approval.
-
Approve or decline a certificate request.
Manage device certificates
The administrator can do the following:
-
Edit comments and custom fields.
-
Configure management options such as notifications, locations, and auto-install settings.
Organizational privileges
Add organizations & departments
The administrator can do the following:
-
Create new organizations
-
View, edit, and delete delegated organizations
-
Create new departments under delegated organizations
-
Manage certificate settings, notification templates, and access control lists for delegated organizations
Edit organizations & departments
Administrators can modify the details of existing organizations and departments.
Add departments
Administrators can create new departments under delegated organizations.
Edit departments
Administrators can update the details of existing departments.
Manage organization validations
Administrators can handle the validation process for organizations, ensuring they meet the required criteria.
-
-
Update the Authentication tab fields.
-
Update password information as required.
Action Steps Set Password
-
Click Set Password.
-
Enter the password.
-
Confirm the password.
Reset Password
-
Click Reset Password.
-
Enter the password.
-
Confirm the password.
Remove Password
-
Click Remove Password.
-
Click OK.
-
-
(Optional) Select a valid client certificate for use in authentication.
-
-
Click Save.
| Updating your identity provider or IdP attribute can impact the access and organizations/departments available to existing administrators created using this template. |
-
Navigate to .
-
Select the dynamic IdP template you want to edit, and click Edit.
-
Update the template name.
-
Click the Edit icon in the top right of the Edit IdP Template dialog.
-
Update the template name.
-
Click Next.
-
-
Update the Roles & Privileges tab fields.
-
Select an administrator role.
-
Select the certificate types that can be managed.
-
Select an IdP attribute containing the aliases of the organizations or departments that will be assigned to the IdP administrator.
Access is granted by matching values entered in your IdP attribute to organization or department aliases in SCM. If during the login no aliases are found, the login attempt will be declined. -
Assign administrator privileges based on the information provided in the following table.
Privilege Description General privileges
Add peer admin
The administrator can create other administrators of their own level or lower.
Edit peer admin
The administrator can edit other administrators of their own level or lower.
Delete peer admin
The administrator can remove other administrators of their own level or lower.
Automatically approve certificate requests
Certificate requests initiated by the administrator are automatically approved.
MS agent management
The MRAO administrator can access the page, download and install MS Agents, and view the certificates and web servers discovered by MS Agents by scanning respective AD servers.
Download keys from Sectigo Key Vault
The administrator can download certificate private keys stored in Sectigo Key Vault.
Domain privileges
Manage domain validations
The administrator can initiate domain control validation for domains.
Manage domains
The administrator can do the following:
-
Add new domains
-
Edit and delete delegated domains
Approve domain delegations
The administrator can approve domain delegation requests by other administrators of their own level or lower.
SSL certificate privileges
Request SSL certificates
The administrator can request SSL certificates.
Renew SSL certificates
The administrator can renew SSL certificates.
Replace SSL certificates
The administrator can replace SSL certificates.
Revoke SSL certificates
The administrator can revoke certificates.
Manage SSL certificate requests
The administrator can do the following:
-
Change SSL certificate request details prior to approval.
-
Approve or decline a certificate request.
Manage SSL certificates
The administrator can do the following:
-
Edit comments and custom fields.
-
Configure management options such as notifications, locations, and auto-install settings.
Client certificate privileges
Request client certificates
The administrator can request client certificates.
Revoke client certificates
The administrator can revoke certificates.
Manage client certificates
The administrator can do the following:
-
Change client certificate request details prior to approval.
-
Approve or decline a certificate request.
Code signing certificate privileges
Request code signing certificates
The administrator can request code signing certificates.
Revoke code signing certificates
The administrator can revoke certificates.
Manage code signing certificates
The administrator can do the following:
-
Change code signing certificate request details prior to approval.
-
Approve or decline a certificate request.
Device certificate privileges
Request device certificates
The administrator can request device certificates.
Renew device certificates
The administrator can renew device certificates.
Replace device certificates
The administrator can replace device certificates.
Revoke device certificates
The administrator can revoke device certificates.
Manage device certificate requests
The administrator can do the following:
-
Change device certificate request details prior to approval.
-
Approve or decline a certificate request.
Manage device certificates
The administrator can do the following:
-
Edit comments and custom fields.
-
Configure management options such as notifications, locations, and auto-install settings.
Organizational privileges
Add organizations & departments
The administrator can do the following:
-
Create new organizations
-
View, edit, and delete delegated organizations
-
Create new departments under delegated organizations
-
Manage certificate settings, notification templates, and access control lists for delegated organizations
Edit organizations & departments
Administrators can modify the details of existing organizations and departments.
Add departments
Administrators can create new departments under delegated organizations.
Edit departments
Administrators can update the details of existing departments.
Manage organization validations
Administrators can handle the validation process for organizations, ensuring they meet the required criteria.
-
-
Update the Authentication tab fields.
-
Select an identity provider for SAML IdP.
-
Click Save.
Change an administrator’s type
-
Navigate to .
-
Select the administrator you want to change, and click Change Type.
-
Select the new administrator type.
-
Update the administrator’s personal details as needed.
-
Click Next.
-
Update the administrator’s roles, privileges, and authentication details as needed.
-
Click Save.
Managing admin API keys
You can view and manage API keys that belong to you or API type admins.
Add an admin API key
-
Navigate to .
-
Click API Keys.
-
Click the Add icon.
-
In the Add API Key dialog, enter the name for the API key.
-
Click Save.
-
Copy and save the client secret.
-
Click Close.
Edit admin API keys
-
Navigate to .
-
Select the admin whose key you want to edit, and click API Keys.
-
Select the API key, and click Edit.
-
Update the API key name.
-
If needed, reset the client secret.
If you reset a client secret, clients using this API key must be updated to use the new client secret. -
Click the Edit icon.
-
Click OK.
-
Copy and save the client secret.
-
-
Click Save.