Getting Started

The following sections explain how to register with the Keyfactor Customer Portal and log in for the first time to create your Signum deployment.

This section walks you through everything you need to go from a new subscription to a fully configured Signum deployment with users who can authenticate and sign.

If you have not yet subscribed to Signum SaaS, start with Subscribe to Signum SaaS. If you received a deployment link directly from Keyfactor, skip straight to Register a first-time user in the Keyfactor Portal.

Setup Overview

A first-time Signum admin goes through two distinct layers of setup: the Keyfactor SaaS Portal (where the deployment itself is managed) and the Signum Admin Web Console (where signing is configured). It helps to understand which layer does what before you start:

  • Keyfactor SaaS Portal: Subscribe, deploy, manage portal users, monitor system health, control IP access, apply software updates.

  • Signum Admin Web Console: Import certificates, create policies, manage signing users, configure domains and roles, review signing events.


In This Section

Subscribe to Signum SaaS: How to subscribe through the Azure Marketplace, choose a regional plan, and activate your subscription. If you received a deployment link from Keyfactor, start at the next step instead.

Signum SaaS Portal Setup: How to register your account in the Keyfactor Customer Portal, configure your deployment (domain name, IP allowlist), and find your way around the portal once it is live.

Manage Product Roles: How to add users to your Signum deployment through the Keyfactor SaaS Portal and assign them one of three roles: Admin, User, or Viewer. This is the access layer for the portal and the Admin Web Console, separate from the signing policies you will configure later.

Use Certificate-based Authentication: How to set up certificate-based login for the Signum Agent, which is a prerequisite for unattended, automated, and CI/CD signing workflows. Covers the admin-side certificate upload, user creation, and the user-side .p12 installation.


Key Concepts for New Admins

A few things that are worth understanding before you get into the detail pages:

There are two separate user systems. Users in the Keyfactor SaaS Portal control who can manage the deployment (update software, manage IP access, open the Admin Console). Users in the Signum Admin Web Console control who can sign and with which certificates. These are not the same user list. A user can appear in one without being in the other.

The Signum Administrator role is special. The Signum Administrator is configured by Keyfactor during deployment and is the only role that can create Domains, Roles, and Certificate Groups in the Admin Web Console. If you need to add or remove users from this role, open a ticket with support@keyfactor.com. All other admin tasks can be done self-service.

A policy is required before anyone can sign. Even after a certificate is imported and a user is created, no signing can happen until a policy is created that explicitly connects them. The only exception is the certificate owner. If you are testing and nothing is working, missing or disabled policies are the most common cause.

A default signing policy is created for you. When Signum is first deployed, this policy is created automatically. The Signum Admin and Signum User product roles are added to it by default, so portal users assigned those roles can sign immediately. You can modify or replace this policy later.


Next Steps