Entrust Authority

Administration Services

Entrust Authority™ Administration Services is a Web portal application for facilitating secure registration and administration of Digital IDs issued by Entrust Authority™ Security Manager.

Administration Services includes two web-based services: User Management and User Registration.

Administration Services provides administrators and managers with flexible options to allow distribution of administrative functions throughout the organization. It also provides end users with 'self-service' capabilities to perform some registration and administrative tasks themselves. This can significantly reduce the level of user support required by the Administration team, and free up resources for other security tasks.

Administration Services also provides a queued approval and authorization process to allow organizations to ensure the appropriate level of approval is applied to registration and administrative Digital ID issuance transactions.

User Management Service
The User Management Service is a web-based interface for administrators to use in performing administrative tasks such as creating, modifying or deactivating accounts, approving or canceling tasks and searching accounts. All administrative capabilities are controlled by a centralized policy, implemented at the Entrust Certificate Authority (CA). Administration Services can run the User Management Service as a standalone Web application and it supports secure authentication of administrators through an integral Entrust TruePass™ implementation.

User Registration Service
The User Registration Service provides an interface for end users to access the self-registration and self-administration services provided by Entrust Authority Administration Services. This service can enable users to perform tasks themselves, such as register, create or recover a Digital ID, as well as account management tasks such as change their registration password or reset their account. The User Registration Service can also be run as a standalone Web application. Once a user has created their Entrust Digital ID, it can be used to decrypt, digitally sign and/or authenticate transactions for a broad variety of business applications.

Administration Services is ideal for any multi-site organization that has end users distributed in different offices and requires management of those users locally. It enables localized administration and management of end users, without day-to-day involvement of the Administrative Authority. Administration Services enables:

  • increased administrator productivity
  • decreased deployment time
  • lower total cost of ownership

Both the User Management and User Registration Services deliver a zero-footprint Digital ID creation capability facilitating client-side key generation in a number of key store formats including the entrust profile (.epf), Microsoft CAPI or within the Entrust Roaming profile store. This approach allows organizations to provision Entrust digital IDs without deploying client-side software. However, if deployed with an Entrust client-side application, i.e. Entrust Entelligence Security Provider (ESP), Entrust TruePass, or an application employing the appropriate features within the Entrust Java Toolkit, customers can also benefit from the full lifecycle management of the Entrust Digital ID provided by the Entrust client-side software in communication with the Entrust PKI.

Strong Administrative Security
The Administration Services application enables the ability to have all administrative transactions that are conducted over the Web to be digitally signed leveraging the capabilities of Entrust TruePass™. This ensures the authenticity and integrity of transactions being submitted to the Certificate Authority.

Second-factor Authentication for Administrators
Administration Services provides administrators with the option to store their digital identities on a smart card for second-factor authentication to the administration workstation. Administration Services leverages the smart card log on features native to the Microsoft® Windows® environment.

Enhanced Approval Processes
Administration Services provides an enhanced approval process enabled by an administrative queue within the Security Manager 7.0 database, which allows administrative transactions to be queued for multiple authorizations (unlimited), therefore increasing the security, accuracy and authenticity of the transactions.

Ease of Deployment With Zero-Footprint Digital ID Creation
All upgrades to the Administration Services, whether an update to an existing service or an installation of additional services, are executed against the Administration Services Server with minimal to no impact on the administrators and end-users. A zero-footprint digital identity helps administrators deploy Digital IDs to users quickly without requiring the installation of software on the client desktops.

Administration Services also supports batch user creation of end-users. This drastically speeds deployment time and reduces administrative impact.

Flexible Options for Digital Identity Storage
Administration Services supports the ability to have flexible storage options for the administrator's digital identity depending upon the security policy and requirements of an organization. Administration Services can manage digital identities in the following formats:

  • Entrust desktop digital IDs (.epf)
  • Entrust roaming digital IDs
  • Digital IDs used within the Microsoft Security Framework (MS Crypto API)

Automated Notification When Transactions Completed
Administration Services provides automatic notifications to end users or alternate 3rd parties (i.e. an administrators manager) when any action has been created against a digital identity. For example, Administration Services can notify an end user when their user ID has been created or notify local administrators when one of their end user identities has been revoked.

Auto-Enrollment of Microsoft Desktops and Devices
An optional component of Administration Services is Entrust Authority Auto-Enrollment Server, which can be added for even greater automation of lifecycle management of Digital IDs for end users and devices.

Technical Specifications

White Papers

Entrust Public Key Infrastructure (PKI)

Public key infrastructure or PKI refers to a system that provides certificate management for digital certificates. Digital certificates contain public key pairs that can be used for encryption, digital signature and authentication security. Entrust PKI security solutions help government agencies and corporations to secure their digital identities and information.

Specialized "passport PKI" is used by governments to verify and secure data stored on a chip imbedded in passports issued to citizens. Epassport PKI involves the use of PKI by governments to secure data stored on a chip imbedded in a passport. The government acts as a certification authority that issues the digital certificates used in an ePassport system.

Entrust is a trusted provider of network security solutions that include digital certificates, managed PKI certificates, two factor-authentication, ssl certificates, token authentication, smart card PKI and encryption software.