Roles, RA Profiles and Groups are crucial for definition of user permissions, certificates properties, assignment to certification authorities and notifications. There may be several ways to set principles on how this can be implemented and used in CZERTAINLY. Key to efficient implementation of CZERTAINLY into an organization is to transfer organization structure and split of responsibilities logic into CZERTAINLY setup. Important is also to keep this setup in line with the organization changes and evolvement. During the demonstration I will explain Roles, RA Profiles and Groups and relations between them. I will also show an example, how to use CZERTAINLY's API to automatically synchronize structure defined in Active Directory into CZERTAINLY configuration.