Free Trial
Contact Us

Knowledge Base

Knowledge BaseSCM Help docs

What is a Person in SCM?

Updated on January 2, 2026
 

Overview

Person is an individual end user for whom client certificates can be issued. Persons do not log in to SCM; instead, administrators manage their certificates or enable them to use enrollment forms for self-enrollment. 

Persons are managed from the Persons page in SCM. 

1. Person Record Structure (Fields) 

Key fields displayed in the Persons table include: 

  • ID 

  • Name 

  • Common Name (CN) 

  • Organization 

  • Department 

  • Email 

  • Alternative Emails 

  • UPN (User Principal Name) 

  • EPPN (Educationrelated identifier) 

  • Contact Phone 

  • Created / Created By 

  • Modified / Modified By 

  • Deleted (visible only when “Show deleted” filter is enabled) 

Table controls available: Quick Search, Filter, Group, Refresh, Download CSV, Manage Columns. 

Admin controls: Add, Import, Edit, Delete, Certificates, View Audit. 

2. Prerequisites Before Adding or Managing Persons 

Before adding or inviting a Person, ensure: 

  • The Organization and Department exist. 

  • Domains are delegated correctly. 

  • Certificate profiles exist. 

  • Enrollment Forms and Enrollment Accounts are set up if using selfenrollment. 

3. Adding a Person (Single Entry) 

  1. Go to Persons. 

  1. Click Add. 

  1. Fill the following information:  

  1. Organization 

  1. Department 

  1. Domain 

  1. First Name, Middle Name (optional), Last Name 

  1. Phone Number 

  1. Email Address 

  1. Click Next. 

  1. Complete the Details tab:  

  1. Common Name (CN) 

  1. EPPN (optional) 

  1. UPN (optional) 

  1. Validation Type (Standard or High validation for S/MIME Sponsored Enrollment) 

  1. Alternative Emails 

  1. Secret (Secret ID for selfenrollment) 

  1. Click Save. 

4. Importing Persons (Bulk via CSV) 

Two CSV formats exist: 

  • Organizations with UPN support 

  • Organizations without UPN support 

Standard CSV columns (NoUPN example): 

  • A: First Name (Required) 

  • B: Middle Name (Optional) 

  • C: Last Name (Required) 

  • D: Email Address (Required) 

  • E: Alternative Emails (Required) 

  • F: Validation Type (Standard or High) 

  • G: Organization (Required) 

Import is done via Persons → Import. 

5. Managing Existing Persons 

Edit a Person 

  1. Go to Persons, select the record. 

  1. Click Edit. 

  1. Update personal details and Details tab fields. 

  1. Save. 

Send a Self-Enrollment Invitation 

Requires a configured Enrollment Form. 

  1. Go to Persons → select Person → Edit. 

  1. Open Enrollment Invitation tab. 

  1. Click Add Invitation. 

  1. Select Enrollment Endpoint and Account. 

  1. Click Send. 

View or Revoke Certificates 

  1. Go to Persons → select the Person → Certificates. 

  1. Select the certificate. 

  1. Click Revoke, choose reason, add message if needed. 

Delete a Person 

  1. Select the Person. 

  1. Click Delete. 

  1. Confirm deletion. 

Deleted records only appear when “Show deleted” filter is used. 

View Audit Logs 

Use View Audit to see log history for the specific Person. 

6.  Enrollment Authentication Types 

Access Code Method 

  • A shared access code is used on the Enrollment Form. 

  • Useful for broad internal deployments. 

Secret ID Method 

  • Each Person has a unique Secret ID. 

  • Provides granular control and better auditing. 

7. Validation Type Options 

  • Standard: For standard client certificates. 

  • High Validation (S/MIME Sponsor Validated): Requires sponsor approval before cert issuance. 

8. Recommended Best Practices 

  • Maintain clear Organization/Department mapping. 

  • Preconfigure Enrollment Forms before inviting users. 

  • Use strong and unique Secret IDs when using Secret ID authentication. 

  • Use Alternative Emails, UPN, or EPPN only when required. 

  • Use CSV export/Download for periodic reviews. 

  • Use audit logs to track identity lifecycle changes. 

9. Troubleshooting Guide 

Enrollment Fails 

  • Check authentication type (Email Confirmation vs Secret ID). 

  • Ensure email domain matches delegated domain. 

  • Confirm Validation Type requirements. 

  • Check enrollment form configuration and linked accounts. 

  • Review SCM audit/logs. 

Certificate Issues 

  • Verify CN/UPN/EPPN/Alternative Emails formatting. 

  • Ensure certificate profile supports required SAN fields. 

  • Confirm sponsor validation if using High validation. 

10. Frequently Asked Questions 

Do Persons have logins? 
No. Persons are identities managed by administrators. 

Can Persons be imported in bulk? 
Yes, using the Import feature with the appropriate CSV format. 

Should I use Access Code or Secret ID? 
Use Access Code for larger rollouts; Secret ID for peruser control. 

 

 

Related Articles:  

Tags: 

 

Need help?

Need help making a purchase? Contact us today to get your certificate issued right away.

Live chat

Click the button below or click "Chat with an Expert" to start chatting with us now!

Start Chat

Call us today

United States
+1 888 266 6361
France
+33 3 66 72 95 95
Italy
+39 02 4792 1708
Spain
+34 900 838 451
Germany
+49 800 1002328
International
+1 914 732 844

Resources