Skip to main content
Skip table of contents

Appendix A - Keyfactor Command Services

Build – PKIaaS EJBCA CA/RA/VA Build Automation

Keyfactor Responsibilities:

Keyfactor will provide a comprehensive automation of the PKI as a Service build process, ensuring all components of the hosted system are efficiently deployed and configured in a Keyfactor-hosted environment.

Customer Responsibilities:

  • Customer will provide Certification Authority and Certificate Profile specifications prior to the build automation, otherwise, elect default naming conventions and standardized use cases.

Value Statement:

A streamlined PKIaaS build process that resembles familiar certificate authority and certificate profile naming conventions and use cases within a Keyfactor hosted environment.

 

Build – CLAaaS – Command

Keyfactor Responsibilities:

Keyfactor will provide a comprehensive automation of the Certificate Lifecycle Automation as a Service build process, ensuring all components of the hosted system are efficiently deployed and configured in a Keyfactor-hosted environment.

Customer Responsibilities:

  • Customer will provide Certification Authority and Certificate Profile specifications prior to the build automation, otherwise, elect default naming conventions and standardized use cases.

Value Statement:

A streamlined CLAaaS build process that resembles familiar certificate authority and certificate profile naming conventions and use cases.

 

Build – On-Prem – Command

Keyfactor Responsibilities:

Keyfactor will conduct instructional working sessions for guided installation and configuration of Keyfactor Command in the customer’s environment. Keyfactor will assist in deploying Command in one of the supported formats mentioned within the official Keyfactor Command documentation.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of Keyfactor Command.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

A series of instructive working sessions led by Keyfactor experts to install and configure Keyfactor Command within a customer’s environment that expedites the enablement certificate lifecycle management.

 

SSO – Command – OAuth

Keyfactor Responsibilities:

Keyfactor will conduct instructional working sessions to configure Single Sign-On for users and groups using OAuth 2.0 authentication within Keyfactor Command. The series of configurations are targeted at Keyfactor products and does not include configurations within a customer’s identity provider.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members and subject matter experts are available and prepared to participate in working sessions.

  • The customer should be aware and knowledgeable of their select identity provider to make necessary configurations to enable OAuth 2.0 authentication to Keyfactor Command.

Value Statement:

This service allows the customer to streamline authentication for users, groups, and machine identities using OAuth 2.0 with Keyfactor Command.

 

SSO – Command – SAML

Keyfactor Responsibilities:

Keyfactor will conduct instructional working sessions to configure Single Sign-On for users and groups to be used for basic authentication within Keyfactor Command. The series of configurations are targeted at Keyfactor products and does not include configurations within a customer’s identity provider or Active Directory.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

Allows the customer to use SAML/Basic Auth to authenticate users, groups, and machine identities to Keyfactor Command.

 

Command – API Integration

Keyfactor Responsibilities:

Conduct instructional working sessions to assist with the integration of a select API Integration to Command using Command REST APIs and Command workflows. This service is intended to be used for a single API integration which includes specialized ITSM integrations not supported by native plugins. Custom code, playbooks, SOPs, technical drawings, or technical documents are not included as a part of this service.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

API integrations provide a flexible method for bridging functionality between Keyfactor Command and other platforms. Utilizing the API integration service to integrate an ITSM platform provides the ability to leverage the customer’s ITSM platform to handle certificate requests and workflow approvals. This integration introduces many benefits both for the app and system owners and the PKI admins:

  • Simple, repeatable process for a certificate request and control over corporate certificates

  • Process standardization to avoid duplicate and resource-intensive manual workflows

  • Automate certificate deployment to workloads and apps

  • Automate incident reporting and certificate renewal

Command – Certificate Enrollment

Keyfactor Responsibilities:

Conduct an instructional working session to enable certificate enrollment for a given use case within Command.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

The enrollment function in the Keyfactor Command Management Portal allows PKI administrators to request certificates by either submitting a certificate signing request (see CSR Enrollment) or by directly entering request information to receive a certificate delivered as a PFX file (see PFX Enrollment). The certificate file is available for immediate download via the browser or installation into a certificate store providing that the enrollment succeeds, and the request does not require manager approval. 

 

Command – Enablement Training

Keyfactor Responsibilities:

Conduct enablement training sessions for common and specialized functions within Command. These enablement training sessions may include one or more of the following components: Certificate Templates & Regex Validation, Collections, Workflows, Alerts, Reports, Roles, and Metadata.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

Hands-on enablement training allows the customer to understand common and specialized functions within Keyfactor Command.

 

Command – Migration Services

Keyfactor Responsibilities:

PKIaaS, CLAaaS, and on-prem migration services for Keyfactor Command and connected components to an upgraded or hosted offering.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

Migrate an existing PKI and CLM to Keyfactor Command, whether hosted by Keyfactor or self-hosted in the customer’s environment.

 

Command – Privileged Access Management

Keyfactor Responsibilities:

Conduct instructional working sessions to enable Command to retrieve secrets from a PAM provider (CyberArk, Delinea, HashiCorp, etc.).

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

Enables the customer to integrate with their existing PAM provider (e.g., CyberArk, Delinea, HashiCorp, etc) to retrieve secrets for certificate management operations, eliminating the need to pass credentials through the Command user interface.

Command – SSL/TLS Discovery

Keyfactor Responsibilities:

Conduct instructional working sessions to configure and test SSL/TLS Scanning against a given network range within Command.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

Hands-on enablement training will allow the customer to configure the SSL/TLS scanning functionality within Keyfactor Command.

 

Command – Venafi Migration

Keyfactor Responsibilities:

Migrate certificate metadata and containers from Venafi to Keyfactor Command.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

Reduce the headache and complexity of migrating certificates and containers from Venafi to Keyfactor Command with tools and services to ensure a more seamless transition.

 

Command – Workflow Automation Services

Keyfactor Responsibilities:

Provide dedicated assistance in enabling complex workflows for enrollment validation, certificate management use cases, and outbound REST API calls.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

Keyfactor Command workflows allow customers to manage certificate enrollments, renewals, and revocations end-to-end; monitor certificate collections and stores for changes; and alert on certificates, CRLs, and SSH keys approaching expiration. Out of the box there are workflow builder steps, such as requiring approvals for actions like certificate enrollment and revocation requests, sending email notifications, and running PowerShell scripts and API requests as part of the request flow.

 

Gateway – Remote CA (Client) Services

Keyfactor Responsibilities:

Conduct instructional working sessions for a guided installation and configuration of the Remote CA client to enable certificate management of an on-premises certification authority.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

The Remote CA Client allows the customer to manage certificates and certificate lifecycle management of an on-premises or remote CA.

 

Gateway – Cloud Gateway Services

Keyfactor Responsibilities:

Conduct instructional working sessions for guided installation and configuration of the Cloud Gateway, on-premises, to enable user or template synchronization.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

The Keyfactor Cloud Gateway supports management of digital certificates from a Microsoft CA hosted in a cloud-based environment managed by Keyfactor. The gateway runs and behaves in a similar manner to an Enterprise CA in your local environment without the overhead of needing to manage a full Enterprise CA implementation. This allows the gateway the ability to perform end-to-end certificate lifecycle within the enterprise.

 

Gateway – Windows Enrollment Gateway Services

Keyfactor Responsibilities:

Instructional working sessions for a guided installation and configuration of the Windows Enrollment Gateway, on-premises, to enable on-prem enrollment to PKIaaS.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

The Keyfactor Windows Enrollment Gateway supports management of digital certificates in an EJBCA CA hosted in a cloud-based environment managed by Keyfactor. The gateway runs and behaves in a similar manner to an Enterprise CA in your local environment without the overhead of needing to manage a full Enterprise CA implementation. This allows the gateway the ability to perform end-to-end certificate lifecycle within the enterprise.

 

Gateway – AnyGateway / AnyCA Gateway Services

Keyfactor Responsibilities:

Conduct instructional working sessions or hosted installation and configuration of the AnyCA Gateway and a third-party extension to enable certificate management to a third-party certification authority.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

The AnyGateway/AnyCA Gateway simplifies the management of multiple third-party certificate authorities (CAs) by unifying API and communication requirements into a single, intuitive interface. It enables seamless integration of third-party CAs with Keyfactor Command.

 

Gateway – EJBCA Remote CA Gateway Services

Keyfactor Responsibilities:

Conduct instructional working sessions for a guided installation and configuration of the EJBCA Remote CA Gateway to enable certificate management.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

The EJBCA Remote CA Gateway allows communication with an on-prem or cloud-based EJBCA CA.

 

Keyfactor ACME Services

Keyfactor Responsibilities:

Installation and configuration of a Keyfactor ACME server to enable certificate management with a certificate authority using the ACME protocol.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

Customers will be able to retrieve certificates using the ACME protocol and manage the lifecycle of those certificates within Keyfactor Command.

Keyfactor SCEP Services

Keyfactor Responsibilities:

Installation and configuration of a Keyfactor SCEP server to enable certificate management with a certification authority using the SCEP protocol.

Customer Responsibilities:

  • Provide necessary infrastructure and resources: The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • Ensure availability of team members for workshops and training: The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • Review and approve deliverables: The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

Customers will be able to enroll certificates using the SCEP protocol and manage the lifecycle of those certificates within Keyfactor Command.

Universal Orchestrator – Base Services

Keyfactor Responsibilities:

Conduct instructional working sessions for a guided installation of a Universal Orchestrator on-premises in the customer environment and establish a connection to Command.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

The Keyfactor Universal Orchestrator (UO) is designed to run jobs at the request of the Keyfactor Command server, primarily certificate management tasks, but also includes other types of tasks and operations. The UO and its extension(s) allow jobs to be implemented and executed, including discovering and monitoring SSL/TLS endpoints, retrieving log information, and managing certificates from remote CA(s) for viewing/reporting/alerting.

 

Universal Orchestrator – Extension Services

Keyfactor Responsibilities:

Conduct instructional working sessions for a guided installation and configuration of a select extension on an existing Universal Orchestrator to enable certificate management and orchestration.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

The various Universal Orchestrator Extensions provide certificate management capabilities on various endpoints. This allows Customers to discover, view, monitor, report, and alert on its certificates from various sources.

 

Universal Orchestrator – Privileged Access Management

Keyfactor Responsibilities:

Conduct instructional working sessions for a guided installation and configuration of a PAM extension on an existing Universal Orchestrator to enable secret retrieval (CyberArk, Delinea, HashiCorp, etc.).

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

Privileged Access Management (PAM) functionality in Keyfactor Command allows for configuration of third party or Keyfactor Command local PAM providers to secure certificate stores, credentials for accessing certificate authorities, and other functions.

 

Universal Orchestrator – Microsoft CA Sync

Keyfactor Responsibilities:

Conduct an instructional working session for a guided configuration of an existing Universal Orchestrator to enable synchronization with a Microsoft certificate authority.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

This service provides an instructional approach to enable the Microsoft CA Sync within a Universal Orchestrator, allowing certificate synchronization between a Microsoft CA and Keyfactor Command.

 

PKIaaS High Availability Services

Keyfactor Responsibilities:

Keyfactor will provide comprehensive automation of the PKI as a Service build process, with support for a second highly available environment which is crucial for mission-critical PKI infrastructure.

Customer Responsibilities:

  • Customer will provide Certificate Authority and Certificate Profile specifications prior to the build automation, otherwise, elect default naming conventions and standardized use cases.

Value Statement:

A streamlined CLAaaS build process that resembles familiar certificate authority and certificate profile naming conventions and use cases in a highly available configuration.

CLAaaS High Availability Services

Keyfactor Responsibilities:

Keyfactor will provide comprehensive automation of the Certificate Lifecycle Automation as a Service build process, with support for a second highly available environment which is crucial for mission-critical PKI infrastructure.

Customer Responsibilities:

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

A streamlined CLAaaS build process that resembles familiar certificate authority and certificate profile naming conventions and use cases in a highly available configuration.

 

On-Prem High Availability Services

Keyfactor Responsibilities:

Keyfactor will conduct instructional working sessions for guided installation and configuration of Keyfactor Command in the customer’s environment in a highly available configuration, which is crucial for mission-critical PKI infrastructures.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of Keyfactor Command.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

A series of instructive working sessions to install and configure Keyfactor Command within the customer’s environment to enable certificate lifecycle management in a highly available configuration.

 

PKIaaS Geo-Redundant Services

Keyfactor Responsibilities:

Keyfactor will provide a comprehensive automation of the PKI as a Service build process, with support for geo-redundant services, designed to ensure high availability and disaster recovery by duplicating and synchronizing data across two geographical data centers.

Customer Responsibilities:

  • Customer will provide Certificate Authority and Certificate Profile specifications prior to the build automation, otherwise, elect default naming conventions and standardized use cases.

Value Statement:

A streamlined PKIaaS build process that resembles familiar certificate authority and certificate profile naming conventions and use cases within a Keyfactor hosted geo-redundant environment.

 

CLAaaS Geo-Redundant Services

Keyfactor Responsibilities:

Keyfactor will provide a comprehensive automation of the Certificate Lifecycle Automation as a Service build process, with support for geo-redundant services, designed to ensure high availability and disaster recovery by duplicating and synchronizing data across two geographical data centers.

Customer Responsibilities:

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

A streamlined CLAaaS build process that resembles familiar certificate authority and certificate profile naming conventions and use cases, in a geo-redundant configuration.

 

PKIaaS Geo-Redundant & High Availability Services

Keyfactor Responsibilities:

Keyfactor will provide a comprehensive automation of the PKI as a Service build process, with support for geo-redundant and high availability services, designed to ensure high availability and disaster recovery by duplicating and synchronizing data across two geographical data centers.

Customer Responsibilities:

  • Customer will provide Certificate Authority and Certificate Profile specifications prior to the build automation, otherwise, elect default naming conventions and standardized use cases.

Value Statement:

A streamlined PKIaaS build process that resembles familiar certificate authority and certificate profile naming conventions and use cases within a Keyfactor hosted geo-redundant and highly available environment.

 

CLAaaS Geo-Redundant & High Availability Services

Keyfactor Responsibilities:

Keyfactor will provide a comprehensive automation of the Certificate Lifecycle Automation as a Service build process, with support for geo-redundant and high availability services, designed to ensure high availability and disaster recovery by duplicating and synchronizing data across two geographical data centers.

Customer Responsibilities:

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

A streamlined CLAaaS build process that resembles familiar certificate authority and certificate profile naming conventions and use cases in a geo-redundant and highly available configuration.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close