Create a Master Security Officer

Prerequisite: To create a new Master Security Officer, you need the right to display and create security officers.
Note: A quick way of creating new Master Security Officers is to promote a Security Officer. For further information, see Promoting security officers.
  1. In the SafeGuard Management Center, select Security Officers.
  2. In the navigation window, right-click the Master Security Officers node and select New > New Master Security Officer.
  3. Make the relevant entries in New master security officer:
    Field/check box Description
    Enabled The security officer can be deactivated until further notice. This means that the security officer is in the system, but they cannot log on to the SafeGuard Management Center yet. They can only log on and perform their administrative tasks when another security officer activates them.
    Name Enter the name of the security officer as given in the certificates created by SafeGuard Enterprise in cn =. The security officer is also displayed under this name in the SafeGuard Management Center navigation window. This name must be unique.

    Maximum value: 256 characters

    Description Optional

    Maximum value: 256 characters

    Cell phone Optional

    Maximum value: 128 characters

    E-Mail Optional

    Maximum value: 256 characters

    Token logon The logon can be done in the following way:

    No token The security officer may not log on with a token. They have to log on by entering the logon information (user name/password).

    Optional Logon can be either with a token or by entering the logon information. The security officer is free to choose.

    Mandatory A token has to be used to log on. To do this, the private key that belongs to the security officer's certificate must be on the token.

    Certificate A security officer always needs a certificate to log on to the SafeGuard Management Center. The certificate can either be created by SafeGuard Enterprise or an existing one can be used. If token logon is essential, the certificate has to be added to the security officer's token.


    The certificate and key file are created and saved in a selected location. Enter and confirm a password for the .p12 key file. The .p12 file must be available to the security officer when logging on. The certificate created is automatically assigned to the security officer and displayed in Certificate. If SafeGuard Enterprise password rules are used, rules in the Active Directory should be deactivated.

    Note: Max. length of path and file name: 260 characters. When creating a security officer, the certificate's public part is sufficient. When logging on to the SafeGuard Management Center, however, the certificate's private section (the key file) is also required. If it is not available in the database, it must be available to the security officer (for example on a memory stick) and may be stored in the certificate store during logon.
    Certificate Import:

    An existing certificate is used which is assigned to the security officer during import. If the import is from a .p12 key file, the certificate's password must be known.

    If a PKCS#12 certificate container is selected, all certificates are loaded into the list of assignable certificates. The certificate is then assigned after the import, by selecting the certificate from the drop-down list.

  4. Click OK to confirm.

The new Master Security Officer is displayed in the navigation window under the Master Security Officers node. Their properties can be displayed by selecting the respective security officer in the navigation window. The MSO can log on to the SafeGuard Management Center with the name displayed.