Authentication and authorization methods

There are three possible authentication methods that your administrator may enable.

Email — Authentication is achieved by providing an email with a domain that matches the configured enrollment form. An authentication link is sent to the provided email address.
Secret ID — Authentication is achieved by providing an email and a secret ID.
IDP — Authentication is achieved using a configured identity provider (IdP).

Once authenticated to the enrollment form, users may also need to provide additional authorization details to access specific accounts. The authorization methods are as follows:

None — No additional authorization is required to access the account.
Access Code — Authorization is achieved by providing a unique access code.
IDP assertions mapping — Authorization is achieved through identity provider (IdP) assertions.

The exact combination of authentication and authorization methods required depends on the specific enrollment form configuration by your SCM administrator.

Supported authentication methods by certificate type

The Sectigo self-enrollment client supports the following authentication types for certificate enrollment:

Authentication Method	SSL	Client	Code Signing	Device
Email	✓	✓	✓	✓
Secret ID	✗	✓	✗	✗
IDP	✓	✓	✗	✓

Authentication Method

SSL

Client

Code Signing

Device

✓

Secret ID

✗

✓

✗

IDP

✓

✗

✓