As a system administrator, you can enable org admins to manage their site TLS/SSL certificate settings (ORGS tab <org-or-system> - Security Information - TLS/SSL Server Certificates).

Important: This section shows how to delegate specific TLS/SSL certificate actions to a MOVEit Transfer organization administrator. You must have system administrator role permissions to use the UI and policy controls described in this section.
Tip: If you are a MOVEit Transfer organization administrator ("org admin"), See the Current IIS and FTP Certificate topic to understand the UI controls available to you if a sys admin provided you the ability to submit certificates for approval for your organization.

When enabled, this checkbox (Allow administrator... to manage the TLS/SSL Server Certificates) grants organization administrators (also referred to as "org admins") to add, update, and remove TLS/SSL Certificates from their Organization's SETTINGS tab.

Delegate Certificate Management Actions (but retain final approval action)

The following visual calls out the UI features for delegating certificate management actions to organization administrators.

Granting Certificate Management to Admins (and subsequent workflow)

Workflow Sys Admin UI Control Description
1 Allow administrator...to manage the TLS/SSL certificates checkbox Enable OrgAdmin to upload or remove TLS/SSL server certificates for a particular organization.
2 Pending Certificate dialog Review and then approve or reject pending certificates.
  • Pending certificates are uploaded by the org admins at your site.
  • Certificate upload triggers an email notification for the Sys Admin user.
3 Current IIS and FTP Certificate view View the current (active) TLS/SSL server certificate in use.

Tip: Only SysAdmin-level users can view and manage MOVEit Transfer Organizations using the ORGS tab. For other user roles, this item is not available.

Task 1: Grant/Delegate TLS/SSL Certificate Upload

Grant Administrators the Ability to Manage (upload for review or remove) TLS/SSL Server Certificates

Task 2...n: Respond to Org Admin-triggered Reviews

After you as a sys admin user grant org admins the privilege to manage/upload TLS/SSL Server certificates for a specific org, you can expect email notifications that there is a recently uploaded certificate pending for your review.

Note: Ensure you notify your organization admins that they have this capability. For multi-tenant (multi-org) systems, it will be helpful if you share documentation that describes the org admin's responsibility as part of this workflow.

Certificates Approved by Sys Admin Can be Included by the Org Admin.

Topics Related to This Workflow

For selected topics related to this workflow and control, you can refer to: