• Enterprise roles can be managed from left menu by navigating Enterprise > Manage > Roles.
  • Two roles with name of “Enterprise Users” and “Applicant Representative“ will be added when a new enterprise is registered.



 

               


An operator can add, update and delete enterprise roles. By default, only one role is created when an enterprise is registered. 


                   



  1. Once an operator Adds or Edits a role, the module section form will appear with all available modules. The operator can set the role as 'Default'. 
  2. The operator can add Role by clicking on the Plus button. 
  3. The operator then needs to enter the name and description, and can also set that role as default by ticking the check box Default


 

                             



The operator can edit the Role by clicking on the Edit button, that contains the following three tabs: 


  1. Modules
  2. Certificate Management 
  3. Login Authentication 




                           


Assigning Modules to a New Role


Once an operator creates a new role, he can assign the following modules against each role:


  • Certificate Center
  • Desktop Signing
  • Device Enrolment
  • Enterprise



Allow a Role to Read, Add/Edit and Delete options against the allowed modules:


When an operator creates a new role, all options to Read, Add/Edit and Delete against the allowed modules are unchecked. 


He can choose from these options to assign it with the role for allowed modules.


For instance, an operator can assign the 'Delete' option to a role, as displayed in the image below:


                           


In case of existing roles, the 'Delete' option will be editable. 

Certificate Management 


  1. A user can create specific certificates by using different configurations.
  2. A user will be able to manage certificate key generation for the following:


  • Server-side keys and certificates 
  • Certificates with CSR
  • Keys on Smart card/ Token 
  • Device Enrolment 


An operator can also control certificates based on purpose and profile names. These will be filtered by the profiles allowed in the service plan.

If a service plan is updated and the profiles are changed then it will be removed from roles, as the feature is disabled from the service plan. 


An operator can now control the SDN and SAN extensions for Certificate Request via Roles > Certificate Management > Certificate Details as displayed in the screenshot below:



                       

                                                                         

 


Login Authentications 


An operator can configure primary authentication and secondary authentication for login using roles as displayed below:


(If Secondary Authentication is enabled in the service plan, it will also appear in the same section)