Entrust Authority Auto-enrollment Server

Entrust Authority™ Auto-enrollment Server is an optional add-on to Entrust Authority™ Security Manager that, together with Entrust Entelligence™ Security Provider for Windows®, automatically enrolls users and computers for managed certificates on a Windows® platform. This optional server simplifies deployment: enrollment is transparent to the administrator and automated for machine certificates and for the end user. The level of transparency to the end user depends on the user key store selected for key protection. Lifecycle support provides automatic, transparent key updates, which simplifies management and prevents unmanaged certificate expiry. Auto-enrollment Server provides a framework for propagating certificates used by applications running on machines as well as certificates used by end users.

Automatic enrollment for managed certificates when machine boots

Enrollment is done transparently, based on available machine authentication mechanisms and Auto-enrollment Server configuration settings, without requiring any user input. Automatic enrollment delivers managed device IDs to Windows-based devices including desktops, laptops, Web servers and Domain Controllers. Certificates on these devices enable public key infrastructure (PKI) applications including Smart Card Logon, VPN, 802.1x machine authentication, Secure Sockets Layer (SSL) and Web authentication.

Automatic enrollment for managed user certificates when user logs in

Enrollment is done automatically as the user logs on to Windows, based on available machine authentication mechanisms and Auto-enrollment Server configuration settings. The level of transparency depends on the key storage option chosen to protect the user's keys. Automatic enrollment can be used to issue certificates to users and to enable Windows-based public key infrastructure (PKI) applications including Smart Card Logon, VPN, 802.1x wireless authentication, Secure/Multipurpose Internet Mail Extensions (S/MIME), Secure Sockets Layer (SSL) and Web authentication.

Flexible key storage options include:

  • Entrust Security Store (EPF file) - stored locally or on Roaming Server
  • Smart Cards or Tokens
  • Windows key store

Broad Repository Support

Entrust Authority Auto-enrollment Server supports a wide variety of LDAP-compliant directories including Active Directory.

Manual or Automatic Certificate Requests

Auto-enrollment Server lets organizations tailor the server to varying requirements, including manual or automatic approval of initial or renewal certificate requests. If configured for manual approval, certificate requests are held in a queue for approval by one or more administrators. Once the request has been approved, the enrollment completes automatically.
