Enrollment Workflow Administrators

Members of the Enrollment Workflow Administrators role can perform the following operations.

Subscription management

Members of the Enrollment Workflow Administrators role cannot manage subscriptions.

Operation	Authorized
Checking your subscriptions	❌
Assigning subscriptions to partitions	❌

Members of the Enrollment Workflow Administrators role cannot manage users.

Operation	Authorized
Inviting users	❌
Managing roles	❌

Members of the Enrollment Workflow Administrators role can perform the following CA management operations.

Operation	Authorized
Browsing CAs	✔
Creating a root authority	❌
Creating an intermediate subordinate authority	❌
Creating an issuing subordinate authority	❌
Importing an external root authority	❌
Downloading a CA certificate	❌
Selecting CA profiles	❌
Deleting a CA	❌

Members of the Enrollment Workflow Administrators role can perform all certificate management operations.

Operation	Authorized
Browsing certificates	✔
Issuing a certificate from CSR	❌
Issuing a certificate in a PKCS #12	❌
Changing the certificate status	❌
Downloading certificates	✔

Members of the Enrollment Workflow Administrators role can only inspect the enrollment configuration.

Operation	Authorized
Configuring ACME in PKIaaS	✔
Configuring Intune in PKIaaS	✔
Configuring Jamf in PKIaaS	✔
Configuring Workspace ONE in PKIaaS	✔
Configuring Ivanti in PKIaaS	✔
Configuring MDM IBM MaaS360 in PKIaaS	✔

Members of the Enrollment Workflow Administrators role can perform the following eForm enrollment operations

Operation	Authorization
Creating eForm TLS enrollment workflows	✔
Requesting eForm TLS entities	✔
Approving and managing eForm TLS entities	❌
Downloading eForm TLS entity certificates	✔

Members of the Enrollment Workflow Administrators role cannot perform the operation described in Managing CA Gateway credentials.