Requirements and Planning

To prepare for implementation of the Keyfactor Mac Auto Enrollment Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA)., you need to satisfy the following requirements:

• The environment needs an implementation of Keyfactor Command.
• The root and issuing certificate chain of the CA A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. issuing the certificate used on the web server hosting the Keyfactor Command server needs to be trusted on each Mac where the agent will be used.
• There needs to be at least one user certificate template A certificate template defines the policies and rules that a CA uses when a request for a certificate is received. enabled for auto-enrollment in the environment. This template does not need to be created especially for Mac users if a user certificate template for auto-enrollment already exists in the environment. Macs are not template-aware and there are no special template settings that apply to the Mac auto-enrollment process.
• If you plan to use auto-registration, you'll need an Active Directory group containing all your users who will enroll using the agent. You will use this to configure auto-registration in your Keyfactor Command Management Portal (see Auto-Registration).
• If you plan to use a custom logo on the login dialog (see Figure 1: Mac Agent Client Login), you will need to create or locate one. The login dialog supports a logo of about 1.5 x 1.5 inches.