Skip to main content
Skip table of contents

Use Cases: PKIaaS, Command SaaS, Command On-Prem

PS Use Case(s): Choosing PKIaaS, Command SaaS, Command On-Premise

Customers will need to choose the PS Use Case(s) to insert into their selected Professional Services Package that best meets their business goals.

Onboarding packages include the deployment and adoption of 1 basic use case (chosen from the “basic” section below) in addition to core elements listed under the Onboarding Package Type description.

Additional Services packages can include any purchases amount of the following use cases and PS Adoption sets.

PS Use Case Categories

Basic PS Use Cases: Basic use cases are the building blocks in configuring our products to meet each customer’s needs.

Intermediate PS Use Cases: Intermediate use cases are more complex use cases that require additional effort to install and/or configure.

Advanced PS Use Cases: Advanced use cases are highly complex use cases that require a large amount of effort to install and/or configure.

PS Adoption Sets: The additional PS Adoption Sets on any use case are designed to provide a deeper level of product adoption and enable customers to fully utilize Keyfactor products. Customers can purchase as many PS Adoption sets as needed, however recommendations for the amount of PS Adoption Sets per each Use Case are seen in the Adoption Set Section below. Each PS Adoption Set is comprised of 4 working sessions per order to be used within a 2 week period (2 sessions per week).

Basic Use Cases

Gateway - Remote CA Client Services

The Remote CA Client allows the customer to manage certificates and certificate lifecycle management of an on-premises or remote CA.

Keyfactor’s Professional Services will provide a guided installation and configuration of the Remote CA client to enable certificate management of an on-premises certification authority as follows:

  • Install and configure 1 CA Client Connector

  • Configure 3 Enrollment Patterns/Templates

Gateway - Cloud Gateway Services

The Keyfactor Cloud Gateway supports management of digital certificates from a Microsoft CA hosted in a cloud-based environment managed by Keyfactor. The gateway runs and behaves in a similar manner to an Enterprise CA in your local environment without the overhead of needing to manage a full Enterprise CA implementation. This allows the gateway the ability to perform end-to-end certificate lifecycle within the enterprise.

Keyfactor’s Professional Services will conduct instructional working sessions for guided installation and configuration of the Cloud Gateway, on-premises, to enable user or template synchronization as follows:

  • Install and configure 1 Cloud Gateway

  • Template & User Synchronization

Gateway - EJBCA Remote CA Gateway Services

The EJBCA Remote CA Gateway allows communication with an on-prem or cloud-based EJBCA CA.

Keyfactor’s Professional Services will conduct instructional working sessions for a guided installation and configuration of the EJBCA Remote CA Gateway to enable certificate management as follows.

  • Install and configure 1 EJBCA Remote CA Gateway

Gateway - Windows Enrollment Gateway Services

The Keyfactor Windows Enrollment Gateway supports management of digital certificates in an EJBCA CA hosted in a cloud-based environment managed by Keyfactor. The gateway runs and behaves in a similar manner to an Enterprise CA in your local environment without the overhead of needing to manage a full Enterprise CA implementation. This allows the gateway the ability to perform end-to-end certificate lifecycle within the enterprise.

Keyfactor’s Professional Services will conduct instructional working sessions for a guided installation and configuration of the Windows Enrollment Gateway, on-premises, to enable on-prem enrollment to PKIaaS as follows:

  • Install and configure 1 Windows Enrollment Gateway

  • Configure 1 End-entity Profile/Certificate Profile for Microsoft Auto-Enrollment

  • Configure 1 additional enrollment Use Case

Gateway - AnyCAGateway Services

The AnyCAGateway simplifies the management of multiple third-party certificate authorities (CAs) by unifying API and communication requirements into a single, intuitive interface. It enables seamless integration of third-party CAs with Keyfactor Command. 

Keyfactor’s Professional Services will conduct instructional working sessions or hosted installation and configuration of the AnyCAGateway and a third-party extension to enable certificate management to a third-party certificate authority as follows:

  • Install and configure 1 AnyCAGateway for 3 CAs from the same provider

  • Configure 1 certificate template per CA

Universal Orchestrator - Base Services

The Keyfactor Universal Orchestrator (UO) is designed to run jobs at the request of the Keyfactor Command server, primarily certificate management tasks, but also includes other types of tasks and operations. The UO and its extension(s) allow jobs to be implemented and executed, including discovering and monitoring SSL/TLS endpoints, retrieving log information, and managing certificates from remote CA(s) for viewing/reporting/alerting.

Keyfactor’s Professional Services will conduct instructional working sessions for a guided installation of a Universal Orchestrator on-premises in the customer environment and establish a connection to Command as follows:

  • Install and configure 1 Universal Orchestrator

Universal Orchestrator - Extension Services

The various Universal Orchestrator Extensions provide certificate management capabilities on various endpoints. This allows Customers to discover, view, monitor, report, and alert on its certificates from various sources.

Keyfactor’s Professional Services will conduct working sessions for a guided installation and configuration of a select extension on an existing Universal Orchestrator to enable certificate management and orchestration as follows:

  • Configure 1 extension for the Universal Orchestrator

  • 1 Inventory Test Case

  • 1 Management Test Case

Universal Orchestrator - Privileged Access Management

Privileged Access Management (PAM) functionality in Keyfactor Command allows for configuration of third party or Keyfactor Command local PAM providers to secure certificate stores, credentials for accessing certificate authorities, and other functions.

Keyfactor’s Professional Services will conduct instructional working sessions for a guided installation and configuration of a PAM extension on an existing Universal Orchestrator to enable secret retrieval (CyberArk, Delinea, HashiCorp, etc.) as follows:

  • Configure 1 Universal Orchestrator to utilize a Customer's PAM solution

  • 1 Test Case

Universal Orchestrator - Microsoft CA Sync

This service provides an instructional approach to enable the Microsoft CA Sync within a Universal Orchestrator, allowing certificate synchronization between a Microsoft CA and Keyfactor Command.

Keyfactor’s Professional Services will conduct an instructional working session for a guided configuration of an existing Universal Orchestrator to enable synchronization with a Microsoft certificate authority as follows:

  • Configure 1 Universal Orchestrator to synchronize an on-prem Microsoft CA

  • 1 Test Case

Command - GitHub Integrations

This service provides instructional working sessions for a guided configuration of:

  • (1) Keyfactor integration listed within Keyfactor's GitHub repository that does not exclusively pertain to a Universal Orchestrator extension, or third-party gateway.

Command - SSL Discovery

This service will empower the customer to configure the SSL/TLS scanning functionality within Keyfactor Command.

Keyfactor’s Professional Services will conduct instructional working sessions to configure and test SSL/TLS Scanning against a given network range within Command.

  • Configure (2) Network Definitions

  • Enablement & SSL Discovery throughput understanding

Command - Enablement Training

This service will empower the customer to understand common and specialized functions within Keyfactor Command.

Keyfactor’s Professional Services will conduct enablement training sessions for common and specialized functions within Command. These enablement training sessions may include one or more of the following components: Certificate Templates & Regex Validation, Collections, Workflows, Alerts, Reports, Roles, and Metadata.

  • Enablement training sessions for common and specialized functions within Command.

Command - Privileged Access Management

This service provides instructional working sessions for a guided installation and configuration of PAM as follows:

  • Instructional working sessions to enable Command to retrieve secrets from (1) PAM provider (CyberArk, Delinea, HashiCorp, etc.)

Command - Add OAuth IdP + Security Role

This service provides an instructional approach to adding a customer’s identity provider (IdP) and security roles to the Command platform.

Keyfactor’s Professional Services will conduct an instructional working session for a guided implementation and configuration of Command to utilize an IdP consisting of the following:

  • Add customer’s IdP

  • Add 1 Claim

  • Add 1 Security Role

  • Add 1 Collection

  • Add 1 Template


Command - Add SAML + Security Role

This service provides an instructional approach to adding customer IdPs and security roles using SAML.

Keyfactor’s Professional Services will conduct an instructional working session for a guided implementation and configuration of an IdP and configuration of the following:.

  • Add Customer IDP

  • Add 1 Claim

  • Add 1 Security Role

  • Add 1 Collection

  • Add 1 Template

Intermediate Use Cases

Keyfactor Command Protocol Services

Installation and configuration of a Keyfactor protocol server [listed below] to enable certificate management with a certification authority using the specified protocol.

  • Keyfactor ACME Services

  • Keyfactor SCEP Services

Advanced Use Cases

Command - Venafi Migration

This service provides an instructional approach and assistance in the migration of certificate metadata and containers from Venafi to Keyfactor Command.

This order includes:

Up to 20 instructional working sessions including assistance in the migration of certificate metadata and containers from Venafi to Keyfactor Command. Customer must have the following prerequisites completed prior to the start of the engagement:

  • Exporting Venafi certificate metadata as a CSV file with each line containing the certificate serial number or thumbprint.

  • Creating claims and roles in Command to match the desired attributes of metadata in the CSV file.

  • Exporting certificates with private keys as PFX files and importing them into Command.

PS Adoption Sets

The additional PS Adopt Sets can be applied to any use case and are designed to provide a deeper level of product adoption to enable customers to fully utilize Keyfactor products. Each PS Adoption Set is comprised of 4 working sessions to be used within a 2 week period (2 sessions per week). The recommended amount of PS Adoption Sets are as follows:

  • Build - On-Prem Custom Build Services - 1 -2 Sets

  • Gateway - Remote CA (Client) Services - 1 -2 Sets

  • Gateway - Cloud Gateway Services - 1 -2 Sets

  • Gateway - EJBCA Remote CA Gateway Services - 1 -2 Sets

  • Gateway - Windows Enrollment Gateway Services - 1 -2 Sets

  • Gateway - AnyGateway / AnyCA Gateway Services - 1 -2 Sets

  • Universal Orchestrator - Extension Services - 1 -2 Sets

  • Universal Orchestrator - Privileged Access Management - 1 -2 Sets

  • Universal Orchestrator - Microsoft CA Sync - 1 -2 Sets

  • Command - GitHub Integrations - 1 -2 Sets

  • Command - SSL Discovery - 1 -2 Sets

  • Command - Enablement Training - 1 -2 Sets

  • Command - Security Roles - 1 -2 Sets

  • Command - IdP | Security Claims - 1 -2 Sets

  • Command - Workflow Automation - 1 -2 Sets

  • Command - API Integration - 1 -2 Sets

  • Command - Privileged Access Management - 1 -2 Sets

  • Keyfactor ACME Services - 2 -3 Sets

  • Keyfactor SCEP Services - 2 -3 Sets

  • Command - Venafi Migration - 3-4 Sets

  • Command - Oauth Migration - 3-4 Sets

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close