Managing organizations and departments

The name of the organization.

An alternative or extended name for the organization.

During SAML authentication, the Alias attribute is compared with matching IdP attribute values to determine the organization(s) or department(s) the administrator can access.

Additional email addresses to be included as recipients of reports and notifications that are configured to include organization contacts as recipients.

The street address of the organization.

The city in which the organization resides.

The state or province in which the organization resides.

The postal code at which the organization resides.

The country in which the organization resides.

Stands for the legal person identification based on identity type references allowed by the ETSI 319 412-1 standards and requirements.

The name of the department.

An alternative or extended name for the department.

During SAML authentication, the Alias attribute is compared with matching IdP attribute values to determine the organization(s) or department(s) the administrator can access.

Additional email addresses to be included as recipients of reports and notifications that are configured to include organization contacts as recipients.

When configured, certificate and enrollment passwords in the organization must adhere to the rules outlined in the selected policy.

When configured, SSL certificates issued to the organization will expire on the specified day, and, optionally, month.

Expiration occurs on the specified synchronization date closest to, and prior to, the expiry date determined by the certificate term selected on the certificate application form.

The expiry date of certificates that have already been issued does not change but synchronized expiration is inherited upon renewal.

When enabled, applicants can enroll through the Web Service API for SSL certificates managed by the organization.

This option is only available if enabled for your account. For more information, contact your Sectigo account manager.

When enabled, the External Requester field becomes mandatory on all enrollment forms for SSL certificates managed by the organization.

External requester’s are additional email addresses included in the certificate that can be used for notifications. The field can be restricted to accept only email addresses matching a custom regular expression.

This option prevents SSL certificate enrollment via MS Agent.

When enabled, applicants can enroll through the Web Service API for client certificates managed by the organization.

This option is only available if enabled for your account. For more information, contact your Sectigo account manager.

When configured, the selected certificate profile is used during SOAP API enrollment for client certificate managed by the organization.

When configured, copies of client certificates and their accompanying private keys stored in Sectigo Key Vault can also be exported to MS Intune.

When enabled, MRAO administrators can recover the private keys of client certificates issued by this organization. Before client certificates can be issued, a MRAO administrator must generate a MRAO key pair on the Legacy Key Encryption page. The public key is then used to encrypt each new client certificate before it’s securely stored. The private key may be provided to other MRAO administrators and used to recover the private keys of client certificates.

This option can only be configured when an organization is first created, after which it cannot be modified.

When enabled, RAO administrators can recover the private keys of client certificates issued by this organization. Before client certificates can be issued, a RAO administrator must generate a RAO key pair on the Legacy Key Encryption page. The public key is then used to encrypt each new client certificate before it’s securely stored. The private key may be provided to other RAO administrators and used to recover the private keys of client certificates.

This option can only be configured when an organization is first created, after which it cannot be modified.

When enabled, client certificates may include a principal name in addition to the RFC822 name in the Subject Alternative Name (SAN) field.

By default, the principal name is the primary email address of the end-user to whom the certificate is issued.

When enabled, you can configure the principal name to use something other than the primary email address of the end-user to whom the certificate is issued.

When enabled, code signing certificates can be issued to applicants associated with this organization.

When configured, the selected certificate profile is used during SOAP API enrollment for device certificate managed by the organization.

When configured, certificate and enrollment passwords in the department must adhere to the rules outlined in the selected policy.

When configured, SSL certificates issued to the department will expire on the specified day and, optionally, month.

Expiration occurs on the specified synchronization date closest to, and prior to, the expiry date determined by the certificate term selected on the certificate application form.

The expiry date of certificates that have already been issued does not change but synchronized expiration is inherited upon renewal.

When enabled, applicants can enroll through the Web Service API for SSL certificates managed by the department.

This option is only available if enabled for your account. For more information, contact your Sectigo account manager.

When enabled, the External Requester field becomes mandatory on all enrollment forms for SSL certificates managed by the department.

External requester’s are additional email addresses included in the certificate that can be used for notifications. The field can be restricted to accept only email addresses matching a custom regular expression.

This option prevents SSL certificate enrollment via MS Agent.

When enabled, applicants can enroll through the Web Service API for client certificates managed by the department.

This option is only available if enabled for your account. For more information, contact your Sectigo account manager.

When configured, the selected certificate profile is used during SOAP API enrollment for client certificate managed by the department.

When configured, copies of client certificates and their accompanying private keys stored in Sectigo Key Vault can also be exported to MS Intune.

When enabled, MRAO administrators can recover the private keys of client certificates issued by this department. Before client certificates can be issued, a MRAO administrator must generate a MRAO key pair on the Legacy Key Encryption page. The public key is then used to encrypt each new client certificate before it’s securely stored. The private key may be provided to other MRAO administrators and used to recover the private keys of client certificates.

This option can only be configured when an department is first created, after which it cannot be modified.

When enabled, RAO administrators can recover the private keys of client certificates issued by this department. Before client certificates can be issued, a RAO administrator must generate a RAO key pair on the Legacy Key Encryption page. The public key is then used to encrypt each new client certificate before it’s securely stored. The private key may be provided to other RAO administrators and used to recover the private keys of client certificates.

This option can only be configured when a department is first created, after which it cannot be modified.

When enabled, DRAO administrators can recover the private keys of client certificates issued by this department. Before client certificates can be issued, a DRAO administrator must generate a DRAO key pair on the Legacy Key Encryption page. The public key is then used to encrypt each new client certificate before it’s securely stored. The private key may be provided to other DRAO administrators and used to recover the private keys of client certificates.

This option can only be configured when a department is first created, after which it cannot be modified.

When enabled, client certificates may include a principal name in addition to the RFC822 name in the Subject Alternative Name (SAN) field.

By default, the principal name is the primary email address of the end-user to whom the certificate is issued.

When enabled, you can configure the principal name to use something other than the primary email address of the end-user to whom the certificate is issued.

When enabled, code signing certificates can be issued to applicants associated with this department.

When configured, the selected certificate profile is used during SOAP API enrollment for device certificate managed by the department.