An operator can manage enterprise roles from left menu by navigating Enterprise > Manage > Roles.

Two roles with the following titles will be added when a new enterprise is registered:


  1. Enterprise Users
  2. Applicant Representative


Create a new role:

  1. The operator can add a role by clicking on the button. 
  2. The operator then needs to enter the name and description, and can also set that role as default by ticking the check box "Default". 


 


Once an operator Adds or Edits a role, the module section form will appear with all allowed modules. It is on the discretion on the operator to allow read, add/edit and delete options against the allowed modules. The operator can set the role as 'Default'. 



An operator can add, update and delete enterprise roles. By default, only one role is created when an enterprise is registered. 


   

Click and then the Edit button to find the following sections on this screen:


  1. Modules - When an operator creates a new role, all options to "Read, Add/Edit and Delete" against the allowed modules are unchecked. He can choose from these options to assign it with the role for allowed modules.



  1. Certificate Management - A user can create specific certificates by using different configurations and will be able to manage certificate key generation for the following:


  • Server-side keys and certificates 
  • Certificates with CSR
  • Keys on Smart card/ Token 
  • Device Enrolment



Certificate Details


An operator can control the SDN and SAN extensions for Certificate Requests


Click "Roles", then click the tab 'Certificate Management' and from the "Certificate Details" drop down you can define the SDNs and SANs as displayed below:



Certificate Sharing 


Sharing certificates between users of the same organisation is important when one of the users who was managing legal certificates leaves the organisation or is no longer available. In such situation, the other users may not be able to manage certificates. The certificate sharing feature is available so that certificate management of SSL certificates is made easier between the users of the same organisation. 

All profiles that are set in the service plan will be listed except the ones with Document Signing purpose. 


This section will be visible to the persons with the same roles and if "Share Certificate" is enabled in role. 


Tick this checkbox to allow a user to share certificate with other user/users belonging to the same enterprise. This drop down will list the certificate profiles to share certificates that a user will be able to use in the ADSS Web RA web portal. 


  1. Login Authentication - An operator can configure primary authentication and secondary authentication for login using roles as displayed below:


(If Secondary Authentication is enabled in the service plan, it will also appear in the same section)



Click "Save".