Sectigo.com
Shop Enterprise Partners Resources

Adding administrators

Add an administrator

  • Standard

  • IdP Template

  • IdP

  • Sectigo Authentication Service

  • API

  • Dynamic IdP Template

  1. Navigate to Settings  Admins.

  2. Click the Add icon.

  3. In the Add Admin Type dialog, select Standard.

  4. Click Next.

  5. Complete the Add New Admin fields based on the information provided in the following table.

    Field Description

    Username

    The administrator’s username for the purpose of identification and access.

    Email

    The administrator’s email address.

    Forename, Surname

    The administrator’s first name (forename) and last name (surname).

    Title

    The administrator’s title.

    Telephone Number

    The administrator’s phone number.

    Street, Locality, State/Province, Postal Code, Country

    The administrator’s address details.

    Relationship

    The nature of the administrator’s relationship with the organizations or departments that they are delegated to (such as, employee or third party).

  6. Click Next.

  7. Complete the Roles & Privileges tab fields.

    1. Select an administrator role.

    2. For RAO and DRAO administrators, select the certificate types and organizations or departments that can be managed.

    3. Assign administrator privileges based on the information provided in the following table.

      Field Description

      Allow creation of peer admin users

      The administrator can create other administrators of their own level or lower.

      Allow editing of peer admin users

      The administrator can edit other administrators of their own level or lower.

      Allow deleting of peer admin users

      The administrator can remove other administrators of their own level or lower.

      Allow to manage organizations/departments

      The administrator can do the following:

      • Create new organizations

      • View, edit, and delete delegated organizations

      • Create new departments under delegated organizations

      • Manage certificate settings, notification templates, access control lists, and EV details for delegated organizations

      Allow DCV

      The administrator can initiate domain control validation for newly created domains.

      Allow SSL details changing

      The administrator can change SSL certificate request details prior to approval.

      Automatically approve certificate requests

      Certificate requests initiated by the administrator are automatically approved.

      Allow certificate revocation

      The administrator can revoke certificates.

      MS AD Discovery

      The MRAO administrator can access the Settings  MS Agents page, download and install MS Agents, and view the certificates and web servers discovered by MS Agents by scanning respective AD servers.

      Allow download keys from Key Vault

      The administrator can download certificate private keys stored in Sectigo Key Vault.

      Approve domain delegation

      The administrator can approve domain delegation requests by other administrators of their own level or lower.

  8. Complete the Authentication tab fields.

    1. Enter and confirm a password for the new administrator.

    2. (Optional) Select a valid client certificate for use in authentication.

    3. (Optional) Configure SAML IdP by selecting an identity provider and entering the appropriate EPPN.

  9. Click Save.

  1. Navigate to Settings  Admins.

  2. Click the Add icon.

  3. In the Add Admin Type dialog, select IdP Template.

  4. Click Next.

  5. Provide a name for the IdP template.

  6. Click Next.

  7. Complete the Roles & Privileges tab fields.

    1. Select an administrator role.

    2. For RAO and DRAO administrators, select the certificate types and organizations or departments that can be managed.

    3. Assign administrator privileges based on the information provided in the following table.

      Field Description

      Allow creation of peer admin users

      The administrator can create other administrators of their own level or lower.

      Allow editing of peer admin users

      The administrator can edit other administrators of their own level or lower.

      Allow deleting of peer admin users

      The administrator can remove other administrators of their own level or lower.

      Allow to manage organizations/departments

      The administrator can do the following:

      • Create new organizations

      • View, edit, and delete delegated organizations

      • Create new departments under delegated organizations

      • Manage certificate settings, notification templates, access control lists, and EV details for delegated organizations

      Allow DCV

      The administrator can initiate domain control validation for newly created domains.

      Allow SSL details changing

      The administrator can change SSL certificate request details prior to approval.

      Automatically approve certificate requests

      Certificate requests initiated by the administrator are automatically approved.

      Allow certificate revocation

      The administrator can revoke certificates.

      MS AD Discovery

      The administrator can access the Settings  MS Agents page, download and install MS Agents, and view the certificates and web servers discovered by MS Agents by scanning respective AD servers.

      Allow download keys from Key Vault

      The administrator can download certificate private keys stored in Sectigo Key Vault.

      Approve domain delegation

      The administrator can approve domain delegation requests by other administrators of their own level or lower.

  8. Complete the Authentication tab fields.

    1. Select an identity provider for SAML IdP.

    2. Configure IdP Attribute mapping based on the information provided in the following table.

      Field Description

      cn

      The user’s full name or common name.

      displayname

      A human-readable display name for the user.

      entitlement

      Information about the user’s access rights or permissions.

      eppn

      A unique identifier for individuals within education and research institutions, often resembling an email address.

      givenname

      The user’s first name.

      groups

      Information about the user’s group memberships or affiliations.

      mail

      The user’s email address.

      schachomeorganization

      The user’s organization identifier.

      sn

      The user’s last name or surname.

      uid

      A unique identifier for the user within an organization or system.

  9. Click Save.

  1. Navigate to Settings  Admins.

  2. Click the Add icon.

  3. In the Add Admin Type dialog, select IdP.

  4. Click Next.

  5. Complete the Add New Admin fields based on the information provided in the following table.

    Field Description

    Email

    The administrator’s email address.

    Forename, Surname

    The administrator’s first name (forename) and last name (surname).

    Title

    The administrator’s title.

    Telephone Number

    The administrator’s phone number.

    Street, Locality, State/Province, Postal Code, Country

    The administrator’s address details.

    Relationship

    The nature of the administrator’s relationship with the organizations or departments that they are delegated to (such as, employee or third party).

  6. Click Next.

  7. Complete the Roles & Privileges tab fields.

    1. Select an administrator role.

    2. For RAO and DRAO administrators, select the certificate types and organizations or departments that can be managed.

    3. Assign administrator privileges based on the information provided in the following table.

      Field Description

      Allow creation of peer admin users

      The administrator can create other administrators of their own level or lower.

      Allow editing of peer admin users

      The administrator can edit other administrators of their own level or lower.

      Allow deleting of peer admin users

      The administrator can remove other administrators of their own level or lower.

      Allow to manage organizations/departments

      The administrator can do the following:

      • Create new organizations

      • View, edit, and delete delegated organizations

      • Create new departments under delegated organizations

      • Manage certificate settings, notification templates, access control lists, and EV details for delegated organizations

      Allow DCV

      The administrator can initiate domain control validation for newly created domains.

      Allow SSL details changing

      The administrator can change SSL certificate request details prior to approval.

      Automatically approve certificate requests

      Certificate requests initiated by the administrator are automatically approved.

      Allow certificate revocation

      The administrator can revoke certificates.

      MS AD Discovery

      The administrator can access the Settings  MS Agents page, download and install MS Agents, and view the certificates and web servers discovered by MS Agents by scanning respective AD servers.

      Allow download keys from Key Vault

      The administrator can download certificate private keys stored in Sectigo Key Vault.

      Approve domain delegation

      The administrator can approve domain delegation requests by other administrators of their own level or lower.

  8. Click Save.

Once an IdP administrator has been added in SCM, they are sent an email with links to all configured IdPs. They should use the most appropriate IdP link to complete their registration.

  1. Navigate to Settings  Admins.

  2. Click the Add icon.

  3. In the Add Admin Type dialog, select Sectigo Authentication Service.

  4. Click Next.

  5. Complete the Add New Admin fields based on the information provided in the following table.

    Field Description

    Email

    The administrator’s email address.

    Forename, Surname

    The administrator’s first name (forename) and last name (surname).

    Title

    The administrator’s title.

    Telephone Number

    The administrator’s phone number.

    Street, Locality, State/Province, Postal Code, Country

    The administrator’s address details.

    Relationship

    The nature of the administrator’s relationship with the organizations or departments that they are delegated to (such as, employee or third party).

  6. Click Next.

  7. Complete the Roles & Privileges tab fields.

    1. Select an administrator role.

    2. For RAO and DRAO administrators, select the certificate types and organizations or departments that can be managed.

    3. Assign administrator privileges based on the information provided in the following table.

      Field Description

      Allow creation of peer admin users

      The administrator can create other administrators of their own level or lower.

      Allow editing of peer admin users

      The administrator can edit other administrators of their own level or lower.

      Allow deleting of peer admin users

      The administrator can remove other administrators of their own level or lower.

      Allow to manage organizations/departments

      The administrator can do the following:

      • Create new organizations

      • View, edit, and delete delegated organizations

      • Create new departments under delegated organizations

      • Manage certificate settings, notification templates, access control lists, and EV details for delegated organizations

      Allow DCV

      The administrator can initiate domain control validation for newly created domains.

      Allow SSL details changing

      The administrator can change SSL certificate request details prior to approval.

      Automatically approve certificate requests

      Certificate requests initiated by the administrator are automatically approved.

      Allow certificate revocation

      The administrator can revoke certificates.

      MS AD Discovery

      The administrator can access the Settings  MS Agents page, download and install MS Agents, and view the certificates and web servers discovered by MS Agents by scanning respective AD servers.

      Allow download keys from Key Vault

      The administrator can download certificate private keys stored in Sectigo Key Vault.

      Approve domain delegation

      The administrator can approve domain delegation requests by other administrators of their own level or lower.

  8. Click Save.

Once created in SCM, the administrator can access SCM using a Sectigo Authentication Service account with the same email address. This account can be created from the SCM login page.

  1. Navigate to Settings  Admins.

  2. Click the Add icon.

  3. In the Add Admin Type dialog, select API.

  4. Click Next.

  5. Complete the Add New Admin fields based on the information provided in the following table.

    Field Description

    Username

    The administrator’s username for the purpose of identification and access.

    Email

    The administrator’s email address.

    Forename, Surname

    The administrator’s first name (forename) and last name (surname).

    Title

    The administrator’s title.

    Telephone Number

    The administrator’s phone number.

    Street, Locality, State/Province, Postal Code, Country

    The administrator’s address details.

    Relationship

    The nature of the administrator’s relationship with the organizations or departments that they are delegated to (such as, employee or third party).

  6. Click Next.

  7. Complete the Roles & Privileges tab fields.

    1. Select an administrator role.

    2. For RAO and DRAO administrators, select the certificate types and organizations or departments that can be managed.

    3. Assign administrator privileges based on the information provided in the following table.

      Field Description

      Allow creation of peer admin users

      The administrator can create other administrators of their own level or lower.

      Allow editing of peer admin users

      The administrator can edit other administrators of their own level or lower.

      Allow deleting of peer admin users

      The administrator can remove other administrators of their own level or lower.

      Allow to manage organizations/departments

      The administrator can do the following:

      • Create new organizations

      • View, edit, and delete delegated organizations

      • Create new departments under delegated organizations

      • Manage certificate settings, notification templates, access control lists, and EV details for delegated organizations

      Allow DCV

      The administrator can initiate domain control validation for newly created domains.

      Allow SSL details changing

      The administrator can change SSL certificate request details prior to approval.

      Automatically approve certificate requests

      Certificate requests initiated by the administrator are automatically approved.

      Allow certificate revocation

      The administrator can revoke certificates.

      MS AD Discovery

      The administrator can access the Settings  MS Agents page, download and install MS Agents, and view the certificates and web servers discovered by MS Agents by scanning respective AD servers.

      Allow download keys from Key Vault

      The administrator can download certificate private keys stored in Sectigo Key Vault.

      Approve domain delegation

      The administrator can approve domain delegation requests by other administrators of their own level or lower.

  8. Complete the Authentication tab fields.

    1. Click Set Password, and provide a password for the new administrator.

      You can choose to provide a password at a later time. However, the admin will not be able to log in until the password has been configured on the Authentication tab of the Edit API Admin dialog.

    2. (Optional) Select a valid client certificate for use in authentication.

  9. Click Save.

You can create a maximum of two dynamic IdP templates — one for RAO admins and one for DRAO admins.

  1. Navigate to Settings  Admins.

  2. Click the Add icon.

  3. In the Add Admin Type dialog, select Dynamic IdP Template.

  4. Click Next.

  5. Provide a name for the dynamic IdP template.

  6. Click Next.

  7. Complete the Roles & Privileges tab fields.

    1. Select an administrator role.

    2. Select the certificate types that can be managed.

    3. Select an IdP attribute containing the aliases of the organizations or departments that will be assigned to the IdP administrator.

      Access is granted by matching values entered in your IdP attribute to organization or department aliases in SCM. If during the login no aliases are found, the login attempt will be declined.

    4. Assign administrator privileges based on the information provided in the following table.

      Field Description

      Allow creation of peer admin users

      The administrator can create other administrators of their own level or lower.

      Allow editing of peer admin users

      The administrator can edit other administrators of their own level or lower.

      Allow deleting of peer admin users

      The administrator can remove other administrators of their own level or lower.

      Allow DCV

      The administrator can initiate domain control validation for newly created domains.

      Allow SSL details changing

      The administrator can change SSL certificate request details prior to approval.

      Automatically approve certificate requests

      Certificate requests initiated by the administrator are automatically approved.

      Allow certificate revocation

      The administrator can revoke certificates.

      Allow download keys from Key Vault

      The administrator can download certificate private keys stored in Sectigo Key Vault.

      Approve domain delegation

      The administrator can approve domain delegation requests by other administrators of their own level or lower.

      Allow to manage organizations/departments

      The administrator can do the following:

      • Create new organizations

      • View, edit, and delete delegated organizations

      • Create new departments under delegated organizations

      • Manage certificate settings, notification templates, access control lists, and EV details for delegated organizations

  8. In the Authentication tab, select an identity provider for SAML IdP.

  9. Click Save.