How To Assign Domain Ownership for SSL Certificate Management - Video Version
Overview - How To Distribute SSL Certificate Responsibilities Across Your Organization
To help you run your PKI at scale, domain owners must be set in order to request SSL Certificates. This enables PKI administrators to keep a record of domain ownership, while allowing domain owners to manage approved users or applications that can request certificates for that domain.
Enter the domain owners. Domain owners are users or groups that will be allowed to manage who can request certificates for this domain. Note: Owners cannot request certificates, if an owner also needs permission to request certificates the owner must be added as a requester.
Enter the AAD Objects (User, Groups, Service Principals, and MSIs) that will be allowed to request certificates for this domain.
If domain registration approval is set in CA, This request will be sent to the approvers for them to approve. Dual key approval is enforced, meaning that if you are an approver, someone else will have to approve your requests.