Orchestrator Auto-Registration
Orchestrator auto-registration allows you to automatically approve or deny new orchestrators without administrator input, if desired. This is useful in environments hosting a large number of orchestrators. On the Orchestrator Auto-Registration Settings page you define the conditions under which an orchestrator (e.g. Keyfactor Universal Orchestrator or Keyfactor Java Agent) can automatically be approved using the built-in auto-registration system.
Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores. The Keyfactor Universal Orchestrator, one of Keyfactor's suite of orchestrators, is used to interact with servers and devices for certificate management, run SSL discovery and management tasks, and manage synchronization of certificate authorities in remote forests. With the addition of custom extensions, it can provide certificate management capabilities on a variety of platforms and devices (e.g. Amazon Web Services (AWS) resources, Citrix\NetScaler devices, F5 devices, IIS stores, JKS keystores, PEM stores, and PKCS#12 stores) and execute tasks outside the standard list of certificate management functions. It runs on either Windows or Linux servers or Linux containers. The Java Agent, one of Keyfactor's suite of orchestrators, is used to perform discovery of Java keystores and PEM certificate stores, to inventory discovered stores, and to push certificates out to stores as needed.
The built-in system is one of two ways that Keyfactor Command supports orchestrator auto-registration. Keyfactor Command also offers an enhanced orchestrator auto-registration system that allows the construction of custom orchestrator auto-approval handler modules. Any custom auto-registration handlers are processed first, before the built-in auto-registration system runs. For more information about custom auto-registration handlers, see Custom Auto-Registration Handlers.
The configurable settings for the built-in auto-registration system are:
- Auto-Register
  Should orchestrators be allowed to auto-register? If the Auto-Register box is checked but the Validate Users setting is not checked, any orchestrator that appears in your environment will automatically be approved regardless of origin.
- Validate Users
  Do the user accounts under which the orchestrators are running need to be a member of a specific group in order to auto-register (aka validation)?
- User Groups
  If the user accounts must be a member of a group to auto-register (Validate Users is checked), which group or groups are they (or which user account, if all orchestrators will be registering as the same user)? This field is considered only if the Auto-Register and Validate Users settings are both enabled. If Validate Users is not checked, this setting will not be displayed.
The default auto-registration settings are to allow no orchestrators to auto-register.