To enable the dual control, Follow these steps: 

  1. Launch ADSS Server admin console in a web browser. 
  2. Navigate to User Manager > Roles module


  1. Create a new role in Access Control module with module Approval Manager enabled in it. You can also use the Security Officer role which is created as part of the ADSS Server installation if you do not wish to create a new role. Following screenshot details about creating the new role for dual control:



  1. Create a new user using this role. Click here for more details about creating a new user.
  2. Edit the role against the user for which you want to enable the approval manager. e.g. Go>Sign Service as show in the following screenshot:





  1. Logout from the ADSS Server Console so that changes can take into effect.
  2. Re-login to the ADSS Server Console.
  3. Make any change in the modules for which dual control in enabled. When you will Add/Update or Delete anything then following message will be shown:


  1. Log-in to the ADSS Server Console using the security officer certificate
  2. Click the Approval Manager module





  1. You will see the requests that are waiting for approval and you can accept or reject accordingly. 


  1. Once you approved or reject the pending approval then following message will be shown:

Before enabling dual control ensure that at least one user exists with access to the Approval Manager module and also the issuer of this user's TLS client certificate is registered in Trust Manager. When Dual Control is already enabled then the Security Officer must approve the creation of new users before these newly generated users can login.



See also

Using Approval Manager