...

To add a department:

• Go to Settings → Organizations and click on the organization line to check it, then use the Departments button to bring up the listing window and press Addpress .
• Fill in the desired OU= department name component in the Department Name field. The rest of the name components will be as for your organization. Do not fill in the Secondary Organization Name or Academic code.
• Do not enter EV Details. In the Certificate Settings tab, select Client Certificates and disable Select the Client Certificate tab and disable Key Recovery for MRAO and DRAO ( "Allow Key Recovery by Master Administrators"" and "Allow Key Recovery by Department Administrators", respectively). It will already be disabled for RAOs Organization Administrators as that was part of the organization setup done by SUNET.
• Do not fret over other options on the various tabs, as they can be changed later. Do not enable or change things you do not understand. Finish using the OK button.

...

In the first case with a completely new domain for the department, follow the normal domain validation procedure above to add department-example.com (and *.department-example.com with  if needed for wildcards) with delegation to the department and initiate DCV as you did for your main domain.

In the second case with a subdomain of your already validated main domain, you will still add department.example.org org (and *.departement.example.org if needed for wildcards) with delegation to the department but you will not have to initiate DCV again, as the SCM is smart enough to know that example.org is already validated. As for your main domain, you should expect department.example.org to show as Validated at once, and *.department.example.org with some delay.

Admins

You create additional admins (RAOs for your whole organization or DRAOs for departments you have created) under the Admins tab with the Add button. You can also edit existing admins by clicking on the line to check them and then using the Edit button.

...