I am being told that the organization will not create an SSH cert because there is not enough trace-ability for who-did-what-when-where. Is that correct, or is it that they just do not want it?
So, do you mean SSL certificate?
Anyway, they’re wrong. If you enable tracing and logging in PowerShell on the remote machine then every command gets logged along with who did it. Lee Holmes has done videos on the subject and written quite a bit.