Document Signing Manager
This release mainly focused on delivering a new Enrollment Method (“Browser PKCS12”), manual approval flow enhancements and the ability to assign/unassign Administrators to Business Units.
New/Enhancements
Browser PKCS12 Enrollment Method - Support for a new Enrollment Method called “Browser PKCS12”, which allows a user to download a certificate in PKCS12 format (upon Admin manually approving the request), who can then manually install it on the target end-point, e.g. user’s browser or a device. Note: keys and CSR are generated within the browser’s memory and discarded once the certificate is downloaded. We’ll extend this support to the Enrollment Code authentication flow in the next release.
Enhancements to the Manual Approval flow
Support for custom fields that can be set by an administrator when configuring a profile with Manual Approval authentication method, which helps with capturing of extra user enrollment information. Support custom fields are: custom drop-down lists with pre-defined values, or text fields.
When saving a profile configured for Manual Approval flow, the unique Enrollment URL that can be shared with end-users is displayed, without the need to View the saved profile to find out what the URL is.
Assign/unassign Administrators to Business Units - Support for administrator with appropriate Business Unit (BU) management permissions, to assign/unassign other account administrators to a specific Business Unit, in order to limit the scope of the operations to such BU.
Audit Trail Logs - Support for detailed audit trail logs under the "Report & Auditing" menu option.
Header for Public facing web pages - All public-facing web pages (e.g. user enrollment/pickup/success pages) now show a header containing the DigiCert logo. In future, we will allow customers to upload their own logo too.
Note
The footer on public-facing pages will be displayed only if a profile or global account settings have been configured with Administrator Contact details.
Rejection of Enrollments - Ability to reject an Enrollment (associated to a profile configured to use the Enrollment Code authentication method), before user makes use of the Enrollment Code to authenticate and retrieve his certificate.
Known issues
ECDSA keys not supported by the "Browser PKCS12" enrollment method, although a profile can be configured to use such keys. It will be supported on the next release.
Account admins can self-assign themselves to a Business Unit, which prevents them from being able to manage other Business Units within the account, even though they have the "Manage Business Unit" permission.
When rejecting an Enrollment in Created status, Users do not receive an email confirmation of the enrollment being rejected.
Fixes
For User profiles configured with Manual Approval authentication method, we can enroll for a new cert type against the same User Seat ID.
Allow issuance of a certificate against an existing Seat ID (only for Manual Approval flow), once all certificates against the Seat ID have been revoked or expired.