Configuring a Registration ManagerChapter 4 Registration Manager 155Setting Up AuthenticationThe first step in configuring enrollment is setting up authentication. You can set upmore than one type of authentication. Each type you set up must be associated witha particular form in the interface. If you are using the certificate profile feature forenrollments, the forms are dynamically generated with the content beingdetermined by the inputs you set for a particular certificate profile. You can evenset up the same method of authentication and associated more than one form withit. You might do this if you wanted to change other aspects of the enrollment.For example, you might want to create an automated authentication that requiresLDAP authentication. You have two classes of employees, permanent andtemporary. You want to issue both classes of employees certificates using LDAPauthentication, but you want to issue each of these classes certificates with differentvalidity periods and different extensions. You can create two different forms, bothusing LDAP authentication, but each having different policies associated with theform.You can configure the authentication method to be agent-approved or automated.The agent-approved enrollment, in-person agent initiated enrollment, and CMCenroll methods are enabled and configured when you install the RegistrationManager. In order to enable and configure one of the automated enrollmentauthentication methods, you need to enable and configure that authenticationinstance. You can also provide certificate based authentication for eitheragent-approved or automated enrollments. For detailed information on setting upauthentication, see Chapter 9, “Authentication.”The authentication you set up in the Registration Manager has no bearing on theCertificate Manager. Requests received by the Certificate Manager from theRegistration Manager will be considered to have been authenticated correctly bythe Registration Manager; the Certificate Manager will do no authenticationchecking.Agent-Approved EnrollmentThe Registration Manager is enabled by default for agent-approved enrollment.The agent-approved enrollment form is used to enroll end entities whose request issent to the agent services interface for processing. If you are using the certificateprofile feature, an agent-approved enrollment is associated with any certificateprofile that does not declare an authentication method. Agent-approved certificateprofile enrollments are also sent to the agent services interface for processing.