diff --git a/README.md b/README.md
index 11f8377..2256a3f 100644
--- a/README.md
+++ b/README.md
@@ -7,3 +7,20 @@ Features:
 - Self-service portal to generate client certificates and download device profiles for iOS/macOS
 - Multi-site
 - OCSP endpoint to validate the issued certificates
+
+## Configuration
+
+### Settings
+```python
+
+INSTALLED_APPS = [
+ ...
+ 'pki',
+ ...
+]
+
+# Sign the iOS/macOS device profiles using SMIME
+SIGN_PROFILES = True
+# Generate a new user certificate when a user is assigned to a site
+GENERATE_CERT_ON_CREATE = True
+```
diff --git a/demo/demo/settings.py b/demo/demo/settings.py
index 67b8388..2adc3f1 100644
--- a/demo/demo/settings.py
+++ b/demo/demo/settings.py
@@ -154,3 +154,4 @@ DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
 SIGN_PROFILES = True
+GENERATE_CERT_ON_CREATE = True
diff --git a/src/pki/apps.py b/src/pki/apps.py
index c10b47c..462b707 100644
--- a/src/pki/apps.py
+++ b/src/pki/apps.py
@@ -6,4 +6,4 @@ class PkiConfig(AppConfig):
 name = 'pki'
 def ready(self):
- from .signals import after_site_created # Noqa F401
+ from .signals import after_site_created, after_site_user_created # Noqa F401
diff --git a/src/pki/signals/__init__.py b/src/pki/signals/__init__.py
index 0e24d51..e07656d 100644
--- a/src/pki/signals/__init__.py
+++ b/src/pki/signals/__init__.py
@@ -1 +1,2 @@
 from .site_created import after_site_created
+from .site_user_created import after_site_user_created
diff --git a/src/pki/signals/site_created.py b/src/pki/signals/site_created.py
index deff5ac..3543821 100644
--- a/src/pki/signals/site_created.py
+++ b/src/pki/signals/site_created.py
@@ -8,7 +8,7 @@
 @receiver(models.signals.post_save, sender=Site)
-def after_site_created(_, instance: Site, created: bool, *args, **kwargs):
+def after_site_created(sender, instance: Site, created: bool, *args, **kwargs): # noqa
 if not created:
 return
diff --git a/src/pki/signals/site_user_created.py b/src/pki/signals/site_user_created.py
new file mode 100644
index 0000000..aef5b8b
--- /dev/null
+++ b/src/pki/signals/site_user_created.py
@@ -0,0 +1,18 @@
+from django.conf import settings
+from django.db import models
+from django.dispatch import receiver
+
+from pki.models import SiteUser, CertificateAuthority
+
+import pki.services.certificate
+
+
+@receiver(models.signals.post_save, sender=SiteUser)
+def after_site_user_created(sender, instance: SiteUser, created: bool, *args, **kwargs): # noqa
+ if not created or not getattr(settings, 'GENERATE_CERT_ON_CREATE', False):
+ return
+
+ ca = CertificateAuthority.objects.filter(site_id=instance.site_id).first()
+
+ if ca:
+ pki.services.certificate.generate_cert_for_user(user=instance.user, ca=ca)
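Review bot: The CA lookup `CertificateAuthority.objects.filter(site_id=instance.site_id).first()` has no ordering, so if a site can ever hold more than one CA (the model is not visible here) the issuer of an automatically generated client certificate is whichever row the database returns first; make the choice explicit, e.g. `.order_by('pk').first()` or a filter on whatever field marks the active CA. The guard also lets fixture loads through, because `post_save` fires with `created=True` and `raw=True` during `loaddata`; `if kwargs.get('raw') or not created or not getattr(settings, 'GENERATE_CERT_ON_CREATE', False):` would keep a data import from minting credentials. Because the handler runs inside the save, an exception from `generate_cert_for_user` aborts the SiteUser creation, and a later rollback may leave a certificate issued for a membership that was never committed, so consider deferring the call with `transaction.on_commit`. A log line on both the issued path and the silent no-CA path would make this automatic issuance auditable.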