The concept is rather simple: say that we have a PKI organization containing a relatively flat structure, simple three administrators:

For the sake of argument, let's presume that these three are all equal, but their policies require that none of them be able to perform any enrollment actions without the cooperation of at least one of the other. To do so, we can set up the following Accumulative Approval Profile:

Do you require something a bit more fine grained? Read on about Partitioned Approval Profiles


Field NameDescription
Number of Required ApprovalsHow many administrators need to approve the request