How to Grant Permission to IIS User on XMPro Identity Service Signing Certificate

How Can We Help?

How to Grant Permission to IIS User on XMPro Identity Service Signing Certificate

< Back


After installing a new instance of XMPro Identity Service on a machine that hasn’t had XMPro Identity Service previously installed and configured, the user may have to grant full permission to the IIS User on the Signing Certificate that was installed.

To grant permission to a user, follow the steps below:

Step 1

Open the management console (MMC). MMC can be found by searching with Cortana or by opening the Run application, typing in the keyword “mmc” and clicking OK.

Step 2

In MMC, click on “File” –> “Add/ Remove Snap-in…”

Step 3

A window will open and list all the possible snap-ins that a user can add in. Select “Certificates” from the “Available snap-ins” list and click “Add”.

Step 4

In this step, you need to specify the account where the certificate is stored. During the installation process of XMPro Identity Service, the wizard gave the user a choice between two options: “CurrentUser” and “LocalMachine”. Select the account that was used during the installation of XMPro Identity Service. For the illustration below, the “LocalMachine” store is selected.

Step 5

Click “Next”. Fill in the details on the next form as required and click “Finish”. Click “Ok”.

Step 6

Expand “Certificates”, and then expand “Personal” and “Certificates”. Please note that XMPro Identity Service requires the signing certificate to be installed in the “Personal” location as well as in “Trusted People”. Permission only needs to be granted to the IIS User in the “Personal” location.

Step 7

Right click on the signing certificate that was installed. Hover over “All Tasks” in the right-click menu and choose the “Manage Private Keys…” option.

Step 8

A form will open that will allow the user to grant permission for specific users of the certificate. Click on “Add”.


Step 9

To add a user, make sure that the location of the user is correct.

Click on “Advanced” or type in “IIS_IUSRS”. If you clicked on “Advanced”, a form will open. Click on “Find Now” and select the correct user from the list by double-clicking on the user.

Click “OK”. Make sure that the “IIS_IUSRS” user is granted full control (this should be done automatically).

Click “OK”.

Step 10

Open XMPro Identity Service in your browser and log in.

Comments are closed.

This is the legacy version of the XMPro Documentation site. For the latest XMPro documentation, please visit