The Keyfactor Windows Enrollment
Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA). Gateway installs two services:
-
Keyfactor Windows Enrollment Gateway
The main gateway service that receives and processes enrollment requests and other CA
A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA.-related functions. -
Keyfactor Managed CA Sync Service
The optional service that synchronizes Active Directory account (user and group) information from the local forest
An Active Directory forest (AD forest) is the top most logical container in an Active Directory configuration that contains domains, and objects such as users and computers. to the managed environment.Note: Account synchronization is not supported if OAuth is used as the authentication option to connect to the managed instance of Keyfactor Command.
By default, these run as Network Service. To update the user running a gateway service, see Start the Gateway Services.
During configuration of the gateway, you will enter
The service account that holds the API An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. role for the main functionality with the CA and communicates with the managed instance of Keyfactor Command needs to be granted permissions in Keyfactor Command (see Preparing Keyfactor Command for the Gateway).
The service account that holds the Web Proxy role for account synchronization and communicates with the Keyfactor Gateway Receiver does not need any permissions in Keyfactor Command.
Was this page helpful? Provide Feedback