The web enrolment service allows “unknown” users in the user database to request the creation of their access accounts (internet, mail server, all services that require authentication) and their certificates.
This module requires at least the use of an LDAP database for user requests and a root CA (internal PKI) for user certificate requests.
To enable users to submit enrollment requests, the captive portal must be configured and allow web enrollment for users. Enrollment can be enabled in Configuration > Users > Authentication, Captive portal profiles tab.
This screen consists of three zones:
- The grid containing user enrollment requests and certificate requests,
- A zone containing information about the selected enrolment request,
- An Advanced properties section.
|Search||Searches in the enrollment requests received.|
|Refresh||Refreshes the list of enrollment requests received.|
|Select all||Selects all the enrollment requests received.|
Approves a user enrollment request or certificate request. Select the line(s) of the requests in question to approve them. When you approve a user enrollment request with a certificate request, you must enter the password of the CA (certification authority) to approve both requests in a single operation.
Rejects a user enrollment request or certificate request. Select the line(s) of the requests in question to reject them. When you reject a user enrollment request with a certificate request, both requests will be rejected at the same time.
Enrollment requests received
|Type||Type of enrollment request received: User or Certificate.|
Name that allows you to identify the user or certificate among the requests received.
This zone displays information about the selected user enrollment request or certificate request. For Certificate requests, only the E-mail address field appears.
|ID||Connection ID that will be created if the user is approved. You can change the format used to generate IDs in the Advanced properties section.|
|First name||User's first name.|
|E-mail address||User’s e-mail address, If notifications have been configured when an enrollment request is approved or rejected, e-mails will be sent to this address. These notifications can be configured in the Advanced properties area.|
|Description||Description of the user. This field can remain empty if the user did not fill it in during the enrollment request phase.|
|Telephone number||User’s telephone number. This field can remain empty if the user did not fill it in during the enrollment request phase.|
|Password||Specifies that the user entered a password during the request phase and that the password complies with the password policy set on the firewall.|
|Certificate request||Specifies whether a certificate creation request was submitted at the same time as the user enrollment request.|
User ID format
|Identifier format||Sets the format used to generate connection IDs when a user enrollment request is received:
Send an e-mail to the user
|when approving/rejecting user's enrollment request||This option makes it possible to send an e-mail to the user to inform him that his user enrollment request has been approved or rejected.|
|when approving/rejecting user's certificate request||This option makes it possible to send an e-mail to the user to inform him that his certificate request has been approved or rejected.|