...

• Fill in login (with a suitable user name), email, forename and surname. We advice you to leave the rest of the contact information empty, as it is not needed.
• At the moment, we advice you not to use the Identity Provider and IdP Person Id fields until Sectigo has told us exactly how and when they workSelect "Your institution" as Identity Provider and fill in the admin's ePPN ("SWAMID identity") in IdP Person Id to enable the admin to login via SWAMID when SAML has been set up correctly.
• A password has to be provided for a new admin. The first time they login they will have to change it.
• Select the desired privileges under Privileges. Do not check "WS API Use Only" (will be explained later).
• Select the desired roles under Roles which means selecting the right combinations of level (RAO for your organization or DRAO for a department you have created) and certificate type (SSL, client or code signing).
• When done, you have to communicate the selected password to the new admin (it is not emailed by the system).

We strongly recommend that you create personal admin users (not shared ones), to be able to see who has done what in the system.

It has been reported that some privileges cannot be assigned by one RAO to another. If that affects you, email tcs@sunet.se to have it fixed manually.

...