Certificate Automation Manager - GlobalSign's PKI Certificate Automation and Provisioning Service for Entra ID and Active Directory Driven Environments
by GMO GlobalSign, Inc.
Fully automate the management and deployment of PKI certificates using Active Directory policies
Certificate Automation Manager acts as a direct gateway/proxy between your Active Directory/Entra ID and GlobalSign’s PKI provisioning services. This allows the solution to automatically deploy certificates directly to your endpoints without the need for administrator intervention or delays and is suitable for a wide range of use cases such as device or user authentication, SSL/TLS certificates or secure email.
How Certificate Automation Manager works
Certificate Automation Manager utilizes your data and existing permissions and policies within either Active Directory or Entra ID. When a certificate request is generated, Active Directory or Entra ID sends the request to Certificate Automation Manager, which in turn forwards all certificate enrollment requests to GlobalSign’s Provisioning engine (Atlas). Once the certificate is created, Certificate Automation Manager automatically provisions and configures the certificate.
GlobalSign manages the security, high availability, and CA operations, while organizations retain control of users, policies and assets. The integration with Active Directory and Entra ID allows for quick and seamless certificate provisioning without sacrificing control. By configuring Group Policies, the administrator dictates which users or machines are allowed which type of certificates.
Certificate Automation Manager can be used to enroll and issue certificates to all types of Active Directory Objects, including users, servers, desktops, laptops, and Domain Controllers.
Certificate Automation Manager secures connectivity and provides identity services for all your Active Directory or Entra ID integrated users and devices, and can be used for the following use cases:
- Client authentication for user/device/machine accounts
- Client authentication for smart card logon enabled user accounts
- S/MIME signing and encryption for user email accounts
- Privately trusted SSL/TLS for internal web servers
- Client authentication for mobile devices
Key features and benefits
- PKI Automation - Automates the enrollment, provisioning, and management of all digital certificates.
- Group policies - Works in conjunction with Active Directory and Entra ID to control which objects receive which type of certificate.
- Quick and Seamless - Automatically provisions certificates as requested, without user or admin intervention and without delays to requests.
- One tool for all - Supports a wide range of certificates and use cases.
- Policy driven - Creation and configuration of policies for quick and easy user/device certificate issuance.
- Mixed Endpoint Environments - The Cross-Platform Agent (XPA) installs easily on any workstation or server for Windows, macOS and Linux.
- Reporting - Allows for the creation of scheduled reporting on all certificates and status.
- Key Archival, Recovery and Roaming - Keys can be archived and recovered in the event one is lost, which reduces the time spent replacing and re-issuing. Keys can also roam for users with multiple devices, which reduces the number of keys required for one user.
- SCEP Support - Enables certificate issuance to mobile and networking devices as well as integrations with Intune, JAMF and other mobile device management tools.
- ACME Support - Enables automated certificate issuance to any client application such as Linux servers and DevSecOps tools.
- Custom Certificate Templates - Created from the default templates, these improve onboarding and request processing time, prepare for expanding to other directory services, and make it possible to run Certificate Automation Manager outside of an Active Directory domain. Validation policy reconciliation with certificate templates is also implemented, to identify any conflicts between the associated validation policy and the certificate template configuration.
- Monitoring Alerts - Allows administrators to configure multiple email addresses that can be notified in the event of service disruptions, upcoming certificate expirations, or domain validation expirations.
- API - Fully featured API which also includes certificate authentication and permissions to the GlobalSign Atlas portal.