ECS account requirements for WSTEP enrollment

Automating WSTEP enrollment requires creating an Entrust Certificate Services (ECS) Enterprise user account, as explained in Creating a user with PKIaaS roles. Assign to this user one of the following roles.

• PKIaaS Administrator

• PKIaaS CA Administrator

Both roles grant permissions to:

• Create CA

• Add Enrollment Gateway

To enable the WSTEP certificate profiles, this user must add the Active Directory Service to an issuing CA, as later explained in Configuring an Entrust PKIaaS issuing CA for WSTEP.