> For the complete documentation index, see [llms.txt](https://docs.scepman.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.scepman.com/scepman-configuration/application-settings/active-directory/user-template.md).

# User Template

## AppConfig:ActiveDirectory:<code class="expression">page.vars.cert\_template</code>:Enabled

*Linux: AppConfig\_\_ActiveDirectory\_\_*<code class="expression">page.vars.cert\_template</code>*\_\_Enabled*

**Value:** *true* or *false* (default)

**Description:** This setting enables the certificate template `SCEPmanUser`

## AppConfig:ActiveDirectory:<code class="expression">page.vars.cert\_template</code>:TemplateName

*Linux: AppConfig\_\_ActiveDirectory\_\_*<code class="expression">page.vars.cert\_template</code>*\_\_TemplateName*

**Value:** Certificate template name

**Description:** This setting allows you to choose a custom template name for this certificate template. It is displayed when you manually enroll a certificate of that template. For maximum compatibility, choose a name witho only alphanumeric characters and no blanks.

## AppConfig:ActiveDirectory:<code class="expression">page.vars.cert\_template</code>:GroupFilter

*Linux: AppConfig\_\_ActiveDirectory\_\_*<code class="expression">page.vars.cert\_template</code>*\_\_GroupFilter*

**Value:** Comma-separated list of AD groups specified by their SID

**Description:** This setting limits which Active Directory group members are allowed to enroll certificates for this certificate template. If configured, it overrides the general setting [AppConfig:ActiveDirectory:GroupFilter](#appconfig-activedirectory-groupfilter).

## AppConfig:ActiveDirectory:<code class="expression">page.vars.cert\_template</code>:Ksps

*Linux: AppConfig\_\_ActiveDirectory\_\_*<code class="expression">page.vars.cert\_template</code>*\_\_Ksps*

**Value:** Semicolon-separated list of CSPs/KSPs allowed for key generation

**Description:** You can define the key storage providers in which the certificates private key might be created in. If no value is specified, all KSPs are allowed to be used, and the client decides which KSP suites best. Valid values include:

* **Microsoft Platform Crypto Provider** - Stores the private key in the device's TPM.
* **Microsoft Passport Key Storage Provider**
* **Microsoft Software Key Storage Provider** - Stores the private key on the hard drive, secured with the machine key.
* **Microsoft Smart Card Key Storage Provider** - Stores the private key on a smart card.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.scepman.com/scepman-configuration/application-settings/active-directory/user-template.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.