Bulk enroll multiple seats
To facilitate the process of enrolling seats, DigiCert® Trust Lifecycle Manager supports bulk enrollment from a CSV file. Use this function to assign multiple enrollment codes at once for certificate profiles configured with the Enrollment Code
authentication method.
You can bulk create seats and assign enrollment codes to them at the same time, or bulk assign enrollment codes to existing seat records in Trust Lifecycle Manager.
Before you begin
You must have at least one certificate profile in your account that's configured with the
Enrollment Code
authentication method.If you will create and enroll the seats in one step, decide how to identify each seat, such as an email address, username, or serial number. The identifier is used to manage the seat and must be unique within each business unit and across other seats of the same type.
Decide whether to specify your own enrollment codes or have the system assign them.
To specify your own enrollment codes, make sure the code length matches the configuration in the Authentication method section of the certificate profile.
For web-based enrollment methods (
Browser PKCS12
,CSR
, orDigiCert Trust Assistant
), you can have the system assign enrollment codes, as long as theEmbed code in enrollment URL
option is enabled in the Authentication method section of the certificate profile. For each seat, the system will generate an enrollment code of the appropriate length and include it in the enrollment URL that gets emailed to the user. The user does not need to manually input the enrollment code.Importante
For enhanced security, DigiCert recommends creating your own enrollment codes and distributing them to users through an out-of-band channel such as SMS.
Prepare the CSV file
Prepare a CSV file for each batch of seat records. You can only enroll one seat type at a time. To bulk enroll different seat types, prepare one CSV file per type.
The first line of the CSV file must contain the names of the fields to include in each seat record.
The remaining lines must contain the field values for each seat record, in the same order as specified in the first line.
You can use the optional
enrollment_email
field to specify the email address for sending enrollment URLs and notifications. If present, it takes precedence over the email address in theseat_id
oremail
fields.
Required fields depend on whether you will create and enroll new seats, or enroll existing ones. Also, whether you will provide your own enrollment codes, or have the system assign them (for web-based enrollment methods).
Create and enroll seats
To create and enroll seats in one step, your CSV file might look like one of the following examples.
Enroll existing seats
To enroll existing seat records, you must include the seat ID values to target, but do not require other general seat fields. Your CSV file might look like one of the following examples.
Bulk enroll seats from the CSV file
To enroll multiple seats in bulk from a CSV file:
From the Trust Lifecycle Manager menu, go to Account > Seats.
Select Manage seats in bulk.
Select the Seat type you want to enroll. You can only bulk enroll one type of seat at a time.
For the Operation, select "Create/Update seats".
Select the enroll the Seats against a profile checkbox to enable this option.
Select an Enrollment code generation method:
System-generated enrollment codes: To have Trust Lifecycle Manager automatically generate the codes and append them to the enrollment URL that gets emailed to each user. This method only works for certificate profiles that use a web-based enrollment method (
Browser PKCS12
,CSR
, orDigiCert Trust Assistant
) and have theEmbed code in enrollment URL
option enabled.CSV file contains enrollment codes: To specify your own enrollment codes in the CSV file you upload. This method works with any certificate profile that uses the
Enrollment Code
authentication method.
Under Select certificate profile, select the profile to issue certificates from. Available profiles depend on the enrollment code generation method you selected above.
Upload the CSV file that contains the data for all the seats to enroll. The CSV file must have the format described in the preceding section.
As soon as you upload a valid CSV file, the system enrolls the corresponding seat records. To see a report of all the enrolled seats and the status of each, select the Download results JSON link.
When you're finished, select the Ok button to return to the main Account > Seats page.
What's next
If the certificate profile uses a web-based enrollment method (
Browser PKCS12
,CSR
, orDigiCert Trust Assistant
):When you enroll the seat, an email is sent to the address in the seat record. The email includes the enrollment URL and instructions for how to request a certificate.
If you assigned your own enrollment codes, provide them to users via a secure out-of-band channel (for example, SMS). To request a certificate, the user can open the enrollment URL in their web browser and enter the enrollment code to authenticate the request.
If you had the system assign enrollment codes, the code is included in the enrollment URL for each seat. To request a certificate, the user can open the enrollment URL in their web browser and enter the basic certificate details. They do not need to manually input the enrollment code.
For other enrollment methods, the way you request a certificate varies and may include APIs or third-party tools. Submit the enrollment code in the appropriate manner based on the platform or client.
To manage enrollment requests, go to the Inventory > Enrollments page in Trust Lifecycle Manager. It includes options to view and reset enrollment codes. To learn more, see Manage enrollment requests.