Introduction and architecture

Keyfactor’s Command SaaS Lite is a cloud-based Certificate Lifecycle Management platform designed to help organizations make sense of, quantify, and review their identity assets. Additionally, it is designed to connect to a third-party CA for certificate issuance.

The deployment architecture is shown below:



  1. Access to the Portal and to Command requires whitelisted IP addresses. An Admin adds each address within the SaaS Portal.
    Upon deployment, a user will be prompted to add the first IP address.
    Note: This requirement applies to users and Orchestrators that are communicating with Command.

  2. Each Command SaaS Lite deployment is limited to a single third-party CA connection. A CA is chosen as part of the deployment process.

  3. When reviewing the Command documentation, note that Command SaaS Lite is NOT configured using Active Directory.

  4. Command is preconfigured to connect securely to your CA.
    DO NOT delete the configured Certificate Authority in Command or the CA Gateway configuration. These items have been preconfigured to securely communicate with each other and will require support intervention to re-create.


    Do not delete the CA.

  5. When using DigiCert and setting up a CA Template for enrollment, note that the template's Name field should match the “Name:” value shown for the organization in the DigiCert portal.


