Multi-account Association

Existing account users can create additional accounts by selecting either "Enterprise Account Sign-Up" or "Reseller Account Sign-Up" from the login page of the CERTInext Portal.

1. Navigating to the Account Creation Page:

• Upon clicking Enterprise Account Sign-Up or Reseller Account Sign-Up, the user will be redirected to the respective account creation page, as described earlier.

1. Submitting Required Information:

• Provide all the necessary details on the account creation form.

• Click the "Sign Up" button to submit the request.

1. Account Activation Process:

• An account activation email will be sent to the registered email ID.

• Open the email and click the "Activate Account" button to continue.

1. Account Authentication:

• Clicking the "Activate Account" button will redirect the user to the Account Authentication page.

• The password for the existing account will be auto-filled on this page.

• Click "Authenticate" to proceed.

1. Successful Authentication:

• A confirmation message, "Account Authenticated Successfully", will be displayed upon successful authentication.

1. Logging into the Portal:

• After authentication, the user can log in by entering their email ID and password.

• Click the "Sign In" button to proceed to the Choose Your Account to Sign In page.

1. Choosing an Account:

• A list of all Reseller and Enterprise accounts associated with the user will be displayed.

• Click the "Proceed" button next to the desired account to continue.

1. Account Expiration Notification:

• If any Reseller or Enterprise account has expired, the status will be clearly displayed on the account selection page.

User and Group Management

Users

• By default, last 10 users be viewed as shown below.

• The list of users can be filtered & searched by Name. Click the "Search" button to apply the filter.

Create User to your account

To create a new user for your account:

· Click the "New User (+)" option to navigate to the Add User creation screen.

Fill in the following details:

· Name

· Email

· Mobile Number

· Designation

· Employee ID

Group Access Options:

· If the group access checkbox is selected, the administrator can restrict the user to specific groups.

· If unchecked, the user will have default access to all groups.

Role Assignment:

· Use this option to assign a role to the user. The permissions available to the user will vary based on the assigned role.

· Click the "Save" button to finalize the process.

An account activation email will be sent to the provided email address, including a link to activate the user account.

Post-Creation Management

Edit User Information: Once the user is created, administrators can edit the user details or adjust group access.

User Activation

The new user will receive an account activation email containing the account name and an activation link.

Upon activation, the user can access the account with permissions based on the assigned role.

Group Management

Groups can represent cost centres, business units, projects, or similar organizational units. Administrators can manage and customize groups to streamline access and certificate management.

Adding and Managing Groups

Default Group

• A default group is pre-configured in the group menu upon account activation.

• By default, account users cannot add multiple groups. To add multiple groups, the account administrator must request assistance from an eMudhra Account Manager.

Filtering Groups

• Use the Group Name filter to search and filter the list of groups, as shown below.

Configuring a New Group

· Enter the Group Name.

· Provide a Short Description.

· Upload a Logo (if required).

Use the access configuration to control group visibility:

· Checked: Restrict access to specific users.

· Unchecked: Grant group access to all users by default.

Specify the certificate request settings for Organizations and Domains associated with the group.

This feature allows administrators to tailor group configurations to meet organizational requirements effectively.

Organizations

Administrators can configure certificate request permissions for groups using the "All" or "Specific" options for Organizations.

· All- If this option is selected, the group will have access to all organizations within the account.

· Specific- If this option is selected, the administrator can restrict the group’s access to specific organizations available in the account.

Domains

Administrators can configure certificate request permissions for groups using the "All" or "Specific" options for Organizations.

· All- If this option is selected, the group will have access to all domains within the account.

· Specific- If this option is selected, the administrator can restrict the group’s access to specific domains available in the account.

Finance

Administrators can define the payment mode for certificate requests using the Finance option. This ensures that payment settings are aligned with organizational policies and requirements.

Deduct from Account Balance

If this option is selected at the new request level, the amount for any certificate request placed using the group will be deducted directly from the group's balance.

Allocate Credits to the Group

Check the "Allocate Credits to this Group from Account Balance" option.

Enter the following details:

· Amount: Specify the amount to be allocated.

· Supporting Document: Attach relevant documentation (if required).

· Remarks: Add any remarks for reference.

Upon allocation, the specified amount will be debited from the account balance and credited to the group.

This feature enables efficient fund management and ensures that group-level balances are appropriately maintained.

Enforce Spend Limit

Administrators can set spending thresholds for groups to manage and control expenses:

Enable Spend Limit:

· Check the "Enforce Spend Limit" option to activate spending restrictions for a group.

· A threshold amount field will appear.

Set Threshold Amount:

· Enter the desired threshold amount for the group.

· This ensures that spending does not exceed the allocated limit, providing better financial oversight.

This feature helps in maintaining budgetary control and ensuring accountability at the group level.

Deduct from Group Balance

Enable this option to allow deductions directly from the group's balance for any certificate requests made using the group.

When this option is selected, any charges for new requests will automatically be debited from the group's allocated balance.

Allocate Credits to the Group

To allocate funds to a group, follow these steps:

· Select the "Allocate Credits to this Group from Account Balance" checkbox.

· Enter the following details:

Amount: Specify the amount to allocate.

Supporting Document: Attach relevant documentation if required.

Remarks: Add any notes or comments related to the fund allocation.

· Upon saving, the specified amount will be debited from the account balance and credited to the group.

This functionality allows precise control over group-level finances and ensures efficient resource management.

Upon clicking on "Save" button a group will be created in the account as shown below.

Managing Group Information

Once a group is created in the account, administrators can view, edit, and manage its details.

View Group Information

Click on the Group ID to navigate to the Group View page, as shown below. This page displays:

• Group details such as name, description, creator, and associated information.

• Financial details, including the "Deduct from Account Balance" option.

Credits Management

Allocation/Deallocation History: A grid is available to display all credit and debit transactions, including transaction IDs and the amounts.

Allocate/Deallocate Credits: Use the "Edit" button or click on the Group ID to update credit allocations. This option is available only when the finance configuration for certificates is set to "Deduct from Group Balance". Administrators can manage group credits using the following options:

Allocate/Deallocate Credits to Group

Select this option to credit/debit an amount into the group's balance.

The credited amount will be deducted/added from/to the account balance.

User Access

A list of users with access to the group is displayed, including their roles, employee IDs, and account status.

Edit Group Information

Click on the "Edit" button to:

• Update group details.

• Manage credit allocations.

• Adjust user permissions.

Important Note:

In sub-reseller or enterprise accounts, there is no provision to add multiple groups. All group-related operations and configurations are limited to the default group structure provided within the account.

Multifactor Authentication and Single Sign On

Role-based access control

The emSign CERTInext platform offers six roles, each designed to address specific responsibilities and access requirements within the system:

• Administrator

• Manager

• Finance Manager

• Standard User

• Basic User

• Discovery User

Administrator

The Administrator role provides full access to the platform, enabling comprehensive management of users, groups, organizations, and financial operations. This role is intended for system overseers responsible for administrative and operational tasks.

Key Access Controls

Full portal access, including the Dashboard.

Manage:

· Certificates (requests, orders, expiring certificates).

· Organizations, domains, groups, and users.

· Private and public Certificate Authorities (CAs) and products.

· Sub-accounts and price lists for sub-accounts.

Access to:

· REST and ACME APIs.

· Financial features.

· Audit logs and tools.

· Reports and account settings.

Create user invitations and assign roles.

Manager

The Manager role focuses on overseeing groups, users, and orders while managing sub-accounts and associated group features. This role excludes full administrative and financial permissions.

Key Access Controls

Dashboard access (billing alerts, low credit alerts, and self-orders tracking).

Manage:

· Organizations and domains.

· Groups (including credit allocation) and users.

· Private and public CAs and products.

· Sub-accounts and price lists for sub-accounts.

Access to:

· REST and ACME APIs.

· Financial features.

· Audit logs, reports, and tools.

Finance Manager

The Finance Manager role is tailored for managing financial operations, such as fund allocation, price lists, and finance-related features, without broader administrative control.

Key Access Controls

Dashboard access (billing alerts and self-orders tracking).

Manage:

· Groups (credit allocation) and users.

· Sub-accounts and price lists for sub-accounts.

· Private and public CAs and products.

Access to:

· REST and ACME APIs.

· Financial features.

· Audit logs, reports, and tools.

Standard User

The Standard User role allows for requesting certificates and accessing group orders. It includes broader access than the Basic User but lacks administrative permissions.

Key Access Controls

Dashboard access (billing alerts and self-orders tracking).

Manage:

• Private and public CAs.

Access to:

• REST and ACME APIs.

• Reports, tools, and profile settings.

Basic User

The Basic User role provides minimal permissions, focusing on personal tasks such as requesting certificates and managing profile information.

Key Access Controls

Dashboard access (billing alerts and self-orders tracking).

Access to:

· REST and ACME APIs.

· Reports, tools, and profile settings.

Discovery User

The Discovery User role is dedicated to users responsible for certificate discovery operations. This includes tasks such as key management, key store handling, and accessing discovery-related features.

Enforce 2FA

To enhance account security, the platform offers the option to enable Two-Factor Authentication (2FA) via T-OTP (Time-Based One-Time Password).

Enabling 2FA

• Check the box for "Enforce 2FA via T-OTP authentication mode" in the Account Configuration settings.

• Note that enabling 2FA is optional and can be configured by the administrator based on company policy.

What Happens After Enabling

Once enabled, users will need to configure T-OTP during their first login by:

· Scanning the provided barcode[M21] .

· Entering the generated OTP.

T-OTP authentication will then apply to all users associated with the account.

This feature ensures an added layer of security for platform access.

IP Restrictions

The IP Restrictions feature enables administrators to restrict access to business data by specifying a range of authorized IP addresses. This ensures secure and controlled access to sensitive information.

Configure IP Restrictions

Select a User: Choose the user for whom the restriction will apply. Alternatively, you can apply the restriction to all users.

Enter Allowed IP Range:

· Specify the Allowed IP Start Address.

· Specify the Allowed IP End Address.

Add Description (Optional): Provide a description for the IP restriction for easy identification.

This feature enhances security by ensuring that only authorized IP addresses can access your business data.

A created IP Restriction Rule can be disabled at any time by the administrator, providing flexibility to adjust access controls as needed.

Adding Credits to your account

Adding Credits

A message to Add Credits will be displayed when the account balance falls below the threshold set by the account administrator.

• Clicking the "Add Credits" hyperlink redirects to Billing & Payments > Add Credits.

• Follow the prompts to add funds and ensure your account balance is sufficient for future transactions

These features ensure smooth account operations by keeping billing information updated and maintaining adequate account credits.

Billing and Payments

Billing & Payments

Add Credits

emSign CERTInext offers two modes of payment to add credits: Online Payment & Offline Payment.

To add credits to your account, navigate to Billing & Payments> Add Credits.

Online Payment

Upon selecting online Payment, the current account balance is displayed at the top.

• Enter the Amount to be credited, then click the Pay button

The system will redirect to the payment gateway. Enter your card details to proceed with the payment

To verify the payment status, enter the Payment ID under the "Recheck Payment Status" section and click the Recheck button.

Offline Payment

• On selecting offline Payment, the current account balance is displayed at the top.

• Enter the offline credits payment details and click the "Make Payment" button.

• Once the "Submit Offline Payment" button is clicked, a thank you message will displayed on the screen. Upon eMudhra finance approval, the amount will be credited into the account.

Invoices

The Invoices page provides a comprehensive list of all generated invoices for your certificate orders and services. From this page, you can download, review, and pay invoices, making it easy to track your organization's billing and payments.

Download Invoice

Via the Certificates Section

· Navigate to Certificates > Orders.

· Open the View Order page for the specific order.

· Click on Download Invoice to download a copy with all payment details.

Via Billing & Payments Section

· Navigate to Billing & Payments.

· Under Action, click on the Download icon next to the desired invoice.

· The invoice will then be downloaded to your system.

Download Credit Note

• To download any credit note, go to Certificates > Orders > View order page.

• This order action will be displayed when the Order status is cancelled (or) Rejected.

• On click of "Download Credit Note" a credit note will be downloaded with all the payment information.