Looking for information regarding the security requirements for implementing automated certificate management, particularly the permissions required for the account used in the automated certificate request workflow:
The Microsoft Gateway user needs the following permissions:
- CredSSP needs to be configured on the CA and MID Server.
- The User should be part of Enterprise Admins.
- The User should be in the Security Group of the Template used.
- The User should have Read, Issue and Manage Certificates, Manage CA, and Request Certificates Permission in the CA.
https://docs.servicenow.com/bundle/utah-it-operations-management/page/product/discovery/concept/auto...
We are most concerned with the first two bullet points (especially the second). Granting these permissions, especially Enterprise Admins, is not something I would expect flies in most organizations. Has anyone managed to implement this with a more fine-grained set of permissions? Any help or guidance would be greatly appreciated on this subject!
