Custom Auto-Registration Handlers

With the custom handler system of auto-registration, a handler module is written and compiled into a DLL, which is then registered in the Keyfactor Command configuration and called whenever a new orchestrator Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores. performs an initial registration request, provided there are sufficient licenses available to support the orchestrator. The handler then has the flexibility to call out to an external system such as a database or web service or use any other means to determine whether the orchestrator should be approved and what values should be applied for the blueprint A snapshot of the certificate stores and scheduled jobs on one orchestrator, which can be used to create matching certificate stores and jobs on another orchestrator with just a few clicks., metadata Metadata provides information about a piece of data. It is used to summarize basic information about data, which can make working with the data easier. In the context of Keyfactor Command, the certificate metadata feature allows you to create custom metadata fields that allow you to tag certificates with tracking information about certificates., and orchestrator ClientID.

When an orchestrator first connects to Keyfactor Command, available registration handlers run in sequence to determine if the orchestrator can be automatically approved. A handler will return one of three results: Allow, Deny, and Defer. Handlers are executed in order of registration until one returns Allow or Deny or until all handlers have been executed. Whenever an executed handler returns a response of Defer, the next registered handler will be executed. If any executed handler returns a response of Deny, further processing will cease and the orchestrator will be moved into a Disapproved state. In both of these cases, values returned by the output parameters will be ignored by Keyfactor Command.

If no handler returns a response aside from Defer, the process will continue to the built-in auto-registration system, and if the orchestrator is not approved at the conclusion of that, the orchestrator will be left in the New state for manual approval.