---
title: "Sysadmin Settings - Enrollment Policy"
slug: "fortanix-data-security-manager-sysadmin-settings-enrollment-policy"
updated: 2026-04-01T07:27:17Z
published: 2026-02-26T19:18:07Z
canonical: "support.fortanix.com/fortanix-data-security-manager-sysadmin-settings-enrollment-policy"
---


# Sysadmin Settings - Enrollment Policy

## 1.0 Introduction

This article describes the rules governing node enrollment within a Fortanix Data Security Manager (DSM) cluster that are configured by the system administrator.

The settings displayed here are applicable to all the nodes within the cluster.

## 2.0 Enrollment Policy

Fortanix DSM automatically enforces security policies for enrolling new nodes and users into the system. The Enrollment Policy settings define rules for authentication, trusted Software Guard Extensions (SGX) verification, and certificate-based enrollment.

Navigate to **System Administration** → **Settings** → **ENROLLMENT POLICY** tab.

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/enrollement-policy-screen.png)

**Figure 1: Enrollment policy page**

The **Enrollment policy** page displays the current configuration settings for node and user enrollment. The check boxes displayed are selected or unselected based on the DSM version and user-configured settings.

- **Join Policy**: It defines the conditions under which new nodes and users can join the DSM cluster. It displays information about the following configurations:
  - **SGX** – Indicates if a node passed Intel Attestation Service (IAS) or Data Center Attestation Primitives (DCAP) attestation.

    > [!NOTE]
    > Intel Attestation Service (IAS) will be reaching the end of life (EOL) by April 02, 2025. *For more information on migration from IAS to DCAP attestation, refer to* [*IAS to DCAP Migration Advisory*](https://fortanix.zendesk.com/hc/en-us/articles/34674880715284-IAS-to-DCAP-Migration-Advisory)*.*
  - **Trusted node identity** – Indicates if Secure Node Join feature is enabled for your cluster. *For more information, refer to* [*Updating Existing DSM Cluster with Trusted Nodes*](https://support.fortanix.com/docs/fortanix-data-security-manager-installation-guide-on-prem#70-update-the-existing-dsm-cluster-with-trusted-nodes)*.*
  - **Node CA** – Indicates that the cluster requires a certificate signed by the Node CA from the new node. This option is always selected by default.
- **Allowed SGX Types**: It defines a field in the cluster's Enrollment configuration, which can have any SGXType as its value. These types represent different variants of the Intel® SGX architecture, defined as an Enum. SGXType is a mandatory field in the PCK Certificate. *For more information, refer to* [*Intel® SGX PCK Certificate and Certificate Revocation List Profile Specification*](https://api.trustedservices.intel.com/documents/Intel_SGX_PCK_Certificate_CRL_Spec-1.5.pdf)*.*

  It displays information about the following SGX types in system configurations:
  - **Standard** – It refers to the original Intel SGX architecture (SGX1) to provide secure enclaves.
  - **Scalable** – It refers to the enhanced Intel SGX architecture (SGX2) with dynamic memory management, added instructions, and improved performance.
  - **Scalable with integrity** – It refers to a more enhanced Intel SGX architecture (SGX2 and Memory Integrity) with additional memory integrity protection.

  *For more information on the SGX capabilities of Azure DCsv2 series or DCsv3 series VMs, refer to* [*DCsv2 sizes series*](https://learn.microsoft.com/en-us/azure/virtual-machines/sizes/general-purpose/dcsv2-series) *or* [*DCsv3 sizes series*](https://learn.microsoft.com/en-us/azure/virtual-machines/sizes/general-purpose/dcsv3-series?tabs=sizebasic)*.*

  *For more information on Fortanix Series I, II, or III Appliances, refer to* [*Hardware Guide*](https://support.fortanix.com/docs/hardware-guide)*.*

> [!NOTE]
> The **Enrollment Policy** page is read-only and cannot be edited.
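
The **Allowed SGX Types** check described above, sketched as an added example (not Fortanix code): it reads the SGX Type enumerated value (0 Standard, 1 Scalable, 2 Scalable with integrity, per the Intel PCK certificate specification) from the certificate's SGX extension and compares it with an allowed set. The function names, the allowed set, and the sample extension bytes are assumptions constructed for illustration, and the PCK certificate chain is assumed to have been validated already.

```python
# Added example. Input: DER value of the Intel SGX extension
# (OID 1.2.840.113741.1.13.1) taken from an already chain-validated PCK certificate.
SGX_EXT = bytes.fromhex("2a864886f84d010d01")   # 1.2.840.113741.1.13.1
SGX_TYPE_OID = SGX_EXT + b"\x05"                # ...1.5 = SGX Type
SGX_TYPES = {0: "Standard", 1: "Scalable", 2: "Scalable with integrity"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                           # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def sgx_type_from_extension(ext):
    """Walk SEQUENCE OF SEQUENCE {OID, value} and return the SGX Type name."""
    tag, body, _ = read_tlv(ext, 0)
    if tag != 0x30:
        raise ValueError("SGX extension is not a SEQUENCE")
    pos = 0
    while pos < len(body):
        _, entry, pos = read_tlv(body, pos)
        oid_tag, oid, value_pos = read_tlv(entry, 0)
        if oid_tag == 0x06 and oid == SGX_TYPE_OID:
            value_tag, value, _ = read_tlv(entry, value_pos)
            if value_tag != 0x0A or len(value) != 1 or value[0] not in SGX_TYPES:
                raise ValueError("malformed or unknown SGX Type")
            return SGX_TYPES[value[0]]
    raise ValueError("SGX Type missing")        # the field is mandatory

def node_allowed(ext, allowed_types):
    """Fail closed: any parse error or unlisted type rejects the node."""
    try:
        return sgx_type_from_extension(ext) in allowed_types
    except (ValueError, IndexError):
        return False

def sample_extension(sgx_type):
    """Constructed sample (not a real certificate): FMSPC entry + SGX Type entry."""
    tlv = lambda tag, body: bytes([tag, len(body)]) + body
    fmspc = tlv(0x30, tlv(0x06, SGX_EXT + b"\x04") + tlv(0x04, bytes(6)))
    stype = tlv(0x30, tlv(0x06, SGX_TYPE_OID) + tlv(0x0A, bytes([sgx_type])))
    return tlv(0x30, fmspc + stype)
```

A node whose certificate lacks the SGX Type field, carries an unknown value, or is truncated is rejected rather than treated as any default type.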

Fortanix Data Security Manager (DSM) is the world’s first cloud service secured with Intel® SGX. With Fortanix DSM, you can securely generate, store, and use cryptographic keys and certificates, as well as other secrets such as passwords, API keys, tokens, or any blob of data. Your business-critical applications and containers can integrate with Fortanix DSM using legacy cryptographic interfaces (PKCS#11, CNG, and JCE) or using the native Fortanix DSM RESTful interface.
