Keyfactor Command uses groups to control access to the various Keyfactor Command features. The Keyfactor Command Management Portal supports multiple groups with different levels of access to the portal. During the installation, at least one group or user must be entered to grant full administrative access to the portal. After installation, additional groups can be configured through the Keyfactor Command Management Portal to grant more limited access to the portal.
Groups that you may find it useful to identify or add following the initial installation include:
Keyfactor Command Enrollment
Users who are a member of this group or groups may use PFX A PFX file (personal information exchange format), also known as a PKCS#12 archive, is a single, password-protected certificate archive that contains both the public and matching private key and, optionally, the certificate chain. It is a common format for Windows servers. and/or CSR A CSR or certificate signing request is a block of encoded text that is submitted to a CA when enrolling for a certificate. When you generate a CSR within Keyfactor Command, the matching private key for it is stored in Keyfactor Command in encrypted format and will be married with the certificate once returned from the CA. enrollment Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA). through the Keyfactor Command Management Portal. Access control for enrollment is configured in the Keyfactor Command Management Portal after installation is complete.
Keyfactor Command My SSH Key
Users who are a member of this group or groups may acquire SSH The SSH (secure shell) protocol provides for secure connections between computers. It provides several options for authentication, including public key, and protects the communications with strong encryption. keys through the Keyfactor Command My SSH Key portal. Access control for the My SSH Key portal is configured in the Keyfactor Command Management Portal after installation is complete.
Keyfactor Bash Orchestrators
Service accounts that are a member of this group are allowed to auto-register as Bash orchestrators in Keyfactor Command, if auto-registration is configured, providing for more hands-free management of Bash orchestrators. This group is not required if auto-registration with user validation will not be used.
Keyfactor Universal Orchestrators
Service accounts that are a member of this group are allowed to auto-register as Keyfactor Universal Orchestrator The Keyfactor Universal Orchestrator, one of Keyfactor's suite of orchestrators, is used to interact with servers and devices for certificate management, run SSL discovery and management tasks, and manage synchronization of certificate authorities in remote forests. With the addition of custom extensions, it can provide certificate management capabilities on a variety of platforms and devices (e.g. Amazon Web Services (AWS) resources, Citrix\NetScaler devices, F5 devices, IIS stores, JKS keystores, PEM stores, and PKCS#12 stores) and execute tasks outside the standard list of certificate management functions. It runs on either Windows or Linux servers or Linux containers.s in Keyfactor Command, if auto-registration is configured, providing for more hands-free management of certificate stores managed by the Keyfactor Universal Orchestrator Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores.. This group is not required if auto-registration with user validation will not be used.
An Active Directory forest (AD forest) is the top most logical container in an Active Directory configuration that contains domains, and objects such as users and computers. users and groups in this local group and grant access in Keyfactor Command to this domain local group.