emSign Knowledge Base
  • emSign
  • Getting Started
    • About emSign
    • Why emSign?
    • Key Highlights
      • Root Store Listings
      • Trust
      • Security
    • Certificate Lifecycle and Key Management Platform (CERTInext)
  • emSign CERTInext
    • Overview
    • Getting Started
      • Enterprise Sign up
      • Partner Sign up
      • Retail Customers
      • Multi-factor & Trusted login
        • Multifactor Authentication and Single Sign On
        • Enforce 2FA
        • IP Restrictions
        • Digital Certificate based login
      • Alerts and Notifications
    • User and Group Management
    • Ordering a Certificate
      • As a Customer
        • DV certificates
        • OV Certificates
        • EV Certificates
        • SMIME Certificates
        • Intranet SSL Certificate
        • IGTF Certificates
        • Subscription Plan Coverage for SSL Products
        • Group-based Certificates Ordering
        • Ordering using Custom Fields
      • As a Partner
        • Order for Customers
        • Order for Sub-accounts
      • Requester Approval Workflows
        • EV requests by Authorized Signatory
        • Certificate requests by Administrator
      • Submitting a Certificate Signing Request (CSR)
        • Submit CSR for Pending Orders
        • Replace CSR for Pending Orders
      • Downloading Certificates
        • Download Interim DV
        • Download Certificate
      • Post Order Actions
        • Renew Certificate
        • Revoke an issued Certificate
        • Reissue Certificate
        • Add / Remove SANs for Multi-Domain SSL
    • Management
      • Domains
      • Organizations
      • Orders
      • Products
      • Templates
        • CSR Templates
        • Provisioning Templates
    • Integrations
      • Using APIs to Order
        • REST APIs
        • ACME APIs
      • Tools
        • eMudhra Certificate Utility Tool
        • eMudhra emSign Click Tool
          • Procedure for installing Certificate in HSM
          • Procedure for Attested CSR Generation
      • CA Connectors
    • Billing & Payments
      • Add Credits
      • Invoices
      • Statement (Ledger Statement)
      • Product Price List
    • Reports
      • Orders Report
      • Overall Statistics
      • Certificates Report
      • Key Store Report
      • Key Report
      • Sales Summary
      • Audit Logs
    • Settings
      • Reporting Tags
      • Manage Schedules
      • Custom Fields
    • Certificate Lifecycle Management
      • Discover Certificates
      • emSign CERTInext Bot
    • Key Lifecycle Management
      • Manage Keys
      • Key Profiles
      • Key Store
  • Consent Management
  • Certificate Approval Process
    • Domain Validation (DV) Process
    • Organization Validation (OV) Process
    • Extended Validation (EV) Process
    • User Certificates Process
    • SMIME Certificate Process
    • Qualified Sources
  • Certificate Installation
    • Before you install
    • Browser Compatibility
    • emSign's Security Seal
    • Installing SSL Certificate on IIS
    • Installing SSL Certificate on cPanel
    • Installing SSL Certificate on Amazon Web Services (AWS)
    • Installing SSL Certificate on Apache
    • Installing SSL Certificate on Plesk 12
    • Installing SSL Certificate on NGINX
    • Installing SSL Certificate on Google App Engine
    • Installing SSL Certificate on WHM
    • Installing SSL Certificate on Ubuntu
    • Installing SSL Certificate on Tomcat
    • Installing SSL Certificate on Heroku
    • Installing SSL Certificate on Bigcommerce
    • Installing Root & Intermediate Certificates for Intranet SSL
    • Supported Devices for auto-provisioning of certificates
    • SSL/TLS Server Rating Guide
  • Release Notes
    • Introduction
    • R1619 (07-Apr-2025)
    • R1591 (10-Mar-2025)
    • R1581 (28-Feb-2025)
    • R1553 (31-Jan-2025)
    • R1522 (31-Dec-2024)
    • R1490 (29-Nov-2024)
    • R1460 (30-Oct-2024)
    • R1427 (27-Sep-2024)
    • R1371 (02-Aug-2024)
    • R1354 (16-Jul-2024)
    • R1300 (23-May-2024)
    • R1251 (04-Apr-2024)
    • R1230 (14-Mar-2024)
    • R1196 (09-Feb-2024)
    • R1167 (11-Jan-2024)
    • R1152 (27-Dec-2023)
    • R1139 (14-Dec-2023)
    • R1124 (29-Nov-2023)
    • R1115 (20-Nov-2023)
    • R1101 (06-Nov-2023)
    • R1075 (11-Oct-2023)
    • R1062 (28-Sep-2023)
    • R1046 (12-Sep-2023)
    • R1039 (05-Sep-2023)
    • R1031 (28-Aug-2023)
    • R1024 (21-Aug-2023)
    • R1001 (29-Jul-2023)
Powered by GitBook

© eMudhra. All Rights Reserved.

On this page

Was this helpful?

Export as PDF
  1. emSign CERTInext
  2. Getting Started
  3. Multi-factor & Trusted login

Multifactor Authentication and Single Sign On

Multifactor Authentication and Single Sign On

Role-based access control

The emSign CERTInext platform offers six roles, each designed to address specific responsibilities and access requirements within the system:

  • Administrator

  • Manager

  • Finance Manager

  • Standard User

  • Basic User

  • Discovery User

Administrator

The Administrator role provides full access to the platform, enabling comprehensive management of users, groups, organizations, and financial operations. This role is intended for system overseers responsible for administrative and operational tasks.

Key Access Controls

Full portal access, including the Dashboard.

Manage:

  • Certificates (requests, orders, expiring certificates).

  • Organizations, domains, groups, and users.

  • Private and public Certificate Authorities (CAs) and products.

  • Sub-accounts and price lists for sub-accounts.

Access to:

  • REST and ACME APIs.

  • Financial features.

  • Audit logs and tools.

  • Reports and account settings.

Create user invitations and assign roles.

Manager

The Manager role focuses on overseeing groups, users, and orders while managing sub-accounts and associated group features. This role excludes full administrative and financial permissions.

Key Access Controls

Dashboard access (billing alerts, low credit alerts, and self-orders tracking).

Manage:

  • Organizations and domains.

  • Groups (including credit allocation) and users.

  • Private and public CAs and products.

  • Sub-accounts and price lists for sub-accounts.

Access to:

  • REST and ACME APIs.

  • Financial features.

  • Audit logs, reports, and tools.

Finance Manager

The Finance Manager role is tailored for managing financial operations, such as fund allocation, price lists, and finance-related features, without broader administrative control.

Key Access Controls

Dashboard access (billing alerts and self-orders tracking).

Manage:

  • Groups (credit allocation) and users.

  • Sub-accounts and price lists for sub-accounts.

  • Private and public CAs and products.

Access to:

  • REST and ACME APIs.

  • Financial features.

  • Audit logs, reports, and tools.

Standard User

The Standard User role allows for requesting certificates and accessing group orders. It includes broader access than the Basic User but lacks administrative permissions.

Key Access Controls

Dashboard access (billing alerts and self-orders tracking).

Manage:

  • Private and public CAs.

Access to:

  • REST and ACME APIs.

  • Reports, tools, and profile settings.

Basic User

The Basic User role provides minimal permissions, focusing on personal tasks such as requesting certificates and managing profile information.

Key Access Controls

Dashboard access (billing alerts and self-orders tracking).

Access to:

  • REST and ACME APIs.

  • Reports, tools, and profile settings.

Discovery User

The Discovery User role is dedicated to users responsible for certificate discovery operations. This includes tasks such as key management, key store handling, and accessing discovery-related features.

Sub Account User

Sub Account User role is dedicated only to the Partners. Partner can create a user role as Sub Account User and assign them to a group.

Custom Roles

To create a Custom Role, go to Settings > Users> Custom Roles

The Custom Roles module offers administrators the ability to create highly customized user roles with detailed permission controls.

Key Features:

  • Administrators can create user roles instead of using generic roles, they can design roles based on tasks, departments, or job functions.

  • Granular Permission Control: administrators to define permissions at a very granular level. This includes controlling who can access particular features, data, and actions within the CERTInext platform.

  • User Mapping: Administrators can assign users to the roles they create, mapping specific users to the appropriate role with the corresponding permissions.

PreviousMulti-factor & Trusted loginNextEnforce 2FA

Last updated 2 months ago

Was this helpful?