This is the third part of a four-part series covering twelve fundamentals for choosing a managed PKI solution, and questions to ask in the buying process.
In Part 2, we shared three key differences between Symantec and other managed public key infrastructure (PKI) providers around administration and deployment. This week, we will discuss four features of Symantec Managed PKI that provide your organization with the ability to easily deploy certificates to diverse groups of user communities across different platforms without requiring an investment in Professional Services.
8. Look and feel
The visual appeal of an application contributes significantly to ease of use for end users. In Part 2, we described how Symantec’s Managed PKI interfaces make it easy to administer. The same is true for end user interfaces. Symantec provides a set of consistent, well-defined interfaces that make it easy to deploy certificates to disparate groups of users with varying levels of technical ability.
Companies can reduce setup and support time by providing setup and usage instructions for end users directly on the portal. Administrators can supply instructions in PDF, DOC, DOCX, TXT, PPT, and PPTX formats that users can download when they get a new certificate. Should a user require further assistance, Administrators can also customize contact information (name, email, and phone) on enrollment pages and within end user e-mail notifications.
9. Branding
Symantec provides a wide range of certificate enrollment methods out of the box. For enrollment methods that require user input, Symantec enables you to easily brand the end user enrollment pages with your company logo from within the web-based PKI Manager interface.
Branding can be tailored uniquely for each certificate type. This allows you to expose different brands depending on the user community you are attempting to reach (internal customers vs. external users, different subsidiaries). All enrollment pages are created on demand and hosted by Symantec, making them easily accessible both internally and externally.
MPKI competitors like Entrust leverage the same static enrollment pages for all customers, unless a customer pays additional annual fees for branding and customization.
10. Localization
Symantec makes it easy to reach a global audience with out-of-the-box support for 9 languages. These languages include: English, French, German, Japanese, Spanish, Chinese, Portuguese, Japanese and Norwegian for both Administrative and end user facing interfaces. Display is based on the region encoding set in the user’s browser. You can also customize the fields that appear in the end user enrollment pages to make them more specific to your organization or to provide an alternative translation. Some MPKI providers limit their language support to English and French, and charge exorbitant prices for professional services to localize enrollment pages.
11. Enrollment and Configuration
For simplicity, enterprises usually elect to auto-enroll certificates to large communities of users and devices because it is easiest and most transparent. While Symantec supports this method, sometimes auto-enrollment isn’t possible: perhaps the end user is external and isn’t a member of the domain, additional user vetting is required to achieve a particular level of assurance (LOA), or the device is a smartphone rather than a laptop or desktop. Customers can choose from a wide variety of out-of-the-box capabilities to address different issuance scenarios.
Symantec makes it easy to integrate with AD/LDAP for authenticating users during enrollment. By connecting to LDAP through a local PKI gateway, it is possible to move beyond a one-time reference number or authorization code for enrolling users. When additional user vetting is required, Administrators can elect to implement manual approvals for certificate requests. Administrators approve the enrollment based on the information users enter into the enrollment form.
While many organizations have already made an investment in an MDM solution, many have not, or require a simple solution to deploy certificates to mobile devices. Symantec extends certificate enrollment to mobile devices either natively (iOS) or in conjunction with a PKI client (Android). Customers can elect to use a basic configuration provided by Symantec to deliver a certificate to mobile devices, or supply their own .mobileconfig file for more advanced device configuration. If applicable, it is also possible to automatically recover a user’s publicly trusted S/MIME certificate, previously enrolled on their corporate laptop or desktop, onto a mobile device.
Symantec allows Administrators to configure, deploy and customize the enrollment and authentication methods used for certificate enrollment. The competition either doesn’t support it, or requires professional services to complete the work.
Questions to Ask
- What customizations (including Branding) can be made to end user facing portals?
- Can we perform the branding and customizations ourselves, or do we need to rely on you?
- If we can’t perform the work ourselves, what fees are involved (professional services, annual service)?
- What languages do you support for the Administrator console?
- What languages do you support for end user enrollment?
- Do you provide an easy way to propagate my users’ S/MIME certificates across laptops, desktops and mobile devices?
Our final post in this series, Part 4, concludes with the 12th fundamental - what to look for in a Managed PKI solution when it comes to mobile device management.