- DigiCert product docs
- Software Trust Manager
- Overview
- Users
- Create a user
Create a user
A standard user with access to a specific account. Users can sign in to the platform with their credentials and connect to client tools and APIs using their API key and client authentication certificate.
Follow these steps to create a user:
Sign in to DigiCert ONE.
Navigate to: Manager menu (top-right) > Account Manager > Access > Users.
Select Add user.
Enter the following service user information:
Field
Description
Account
Select the user's primary account.
Anmerkung
Selecting the user's primary account determines the user's DigiCert ONE sign-in and sign-in methods. If you need to assign the user to more accounts for other specific functions, update the user after the user is created.
First and last name
Provide the user's name.
Email address
Provide the user's email address. This email will be used for notifications.
Username
The username will automatically be populated with the email address, however you can edit this field.
Phone (optional)
Click on the dropdown menu next to the flag to select the dialing code for your country, then provide your phone number.
Language
Select your preferred language.
DigiCert ONE Manager access
Select Software Trust Manager.
Anmerkung
Additionally select DigiCert® Account Manager if the user is required to manage other users, accounts, or organizations for the DigiCert ONE account.
Select Next.
Assign the necessary Software Trust Manager role for the user.
Beispiel 1. LeadThe lead role is used for users responsible for managing cryptographic assets, enforcing policies, monitoring compliance for users in the account.
The following permissions assigned to this role:
Category
Permission
Description
User settings
Default
User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.
Account settings
Manage account settings
User can update DigiCert® Software Trust Manager > Accounts > Account settings.
Manage CertCentral API key
User can delete, disable, enable, setup, update and validate a CertCentral API key.
View license
User can view licenses for the account.
Teams
Manage all teams
User can:
Create new teams.
View, update, deactivate, delete, and map resources to existing teams.
Audit logs
View audit log
User can view audit and signature logs in the account.
Export audit logs
User can export audit logs in the account.
Certificates
Manage certificate hierarchy
User can create, update, approve, reject, suspend, unsuspend, and view certificate hierarchies.
Manage certificate profiles
User can:
Create, update, enable, disable, and delete certificate profiles.
Update and delete certificates.
View certificate profile
User can view certificate profile details in the account.
View certificate template
User can view certificate template details in the account.
Generate certificate
User can create a new certificate.
Import certificate
User can import certificates into the account.
Revoke certificate
User can revoke certificates in the account.
View certificate
User can view certificate details in the account.
Keypairs
Request keypair export
User can request to export keypairs.
Approve keypair export
User can approve requests to export keypairs.
Approve keypair delete
User can approve requests to delete keypairs.
Import keypair
User can import keypairs into the account.
Generate keypair
User can create a new keypair.
View keypair
User can view keypair details in the account.
Manage keypair
User can:
Update, suspend or unsuspend keypairs.
Create, update, enable, and disable keypair profiles.
Create and update user groups.
Create, update, and refresh key rotation.
Generate a CSR
Manage master keypair
User can:
Create GPG master key
Update, import, delete, generate, revoke, suspend, unsuspend a master key.
Create subkeys.
Signatures
Sign
User can sign.
Releases
View release windows
User can view releases in the account.
Request release
User can request to create an offline release.
Approve release window
User can approve requests to create offline releases.
Threat detection
Manage Threat detection
User can view and download threat detection scans in the account.
Beispiel 2. Team leadThe team lead role is used for managing developers and engineering teams responsible for signing and releasing software.
The following permissions assigned to this role:
Category
Permission
Description
User settings
Default
User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.
Account settings
View license
User can view licenses for the account.
Teams
Manage my team
User can view, update, deactivate, and map resources to existing teams that they are part of.
Audit logs
View audit log
User can view audit and signature logs in the account.
Export audit logs
User can export audit logs in the account.
Certificates
Manage certificate hierarchy
User can create, update, approve, reject, suspend, unsuspend, and view certificate hierarchies.
View certificate profile
User can view certificate profile details in the account.
View certificate template
User can view certificate template details in the account.
Import certificate
User can import certificates into the account.
Revoke certificate
User can revoke certificates in the account.
Generate certificate
User can create a new certificate.
View certificate
User can view certificate details in the account.
Keypairs
Import keypair
User can import keypairs into the account.
Request keypair export
User can request to export keypairs.
Approve keypair export
User can approve requests to export keypairs.
Approve keypair delete
User can approve requests to delete keypairs.
Generate keypair
User can create a new keypair.
View keypair
User can view keypair details in the account.
Manage keypair
User can:
Update, suspend or unsuspend keypairs.
Create, update, enable, and disable keypair profiles.
Create and update user groups.
Create, update, and refresh key rotation.
Generate a CSR
Manage master keypair
User can:
Create GPG master key
Update, import, delete, generate, revoke, suspend, unsuspend a master key.
Sign and create subkeys.
Signatures
Sign
User can sign.
Releases
View release
User can view releases in the account.
Request release
User can request to create an offline release.
Approve release window
User can approve requests to create offline releases.
Threat detection
Manage Threat detection
User can download threat detection scans in the account.
User can run scans on software using Threat detection.
Beispiel 3. DeveloperThe developer role is used for users responsible for signing, managing assets related to signing, and releasing software.
The following permissions assigned to this role:
Category
Permission
Description
User settings
Default
User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.
Account settings
View license
User can view licenses for the account.
Audit logs
View audit log
User can view audit and signature logs in the account.
Certificates
View certificate profile
User can view certificate profile details in the account.
View certificate template
User can view certificate template details in the account.
Generate certificate
User can create a new certificate.
View certificate
User can view certificate details in the account.
Keypairs
Generate keypair
User can create a new keypair.
View keypair
User can view keypair details in the account.
Signatures
Sign
User can sign.
Releases
Request release
User can request to create an offline release.
View release
User can view releases in the account.
Threat detection
View Threat detection
User can view threat detection scans in the account.
Beispiel 4. Build engineerThe build engineer role is for users responsible for signing and scanning software using threat detection.
The following permissions assigned to this role:
Category
Permission
Description
User settings
Default
User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.
Audit logs
View audit log
User can view audit and signature logs in the account.
Certificates
View certificate profile
User can view certificate profile details in the account.
View certificate template
User can view certificate template details in the account.
View certificate
User can view certificate details in the account.
Keypairs
View keypair
User can view keypair details in the account.
Signatures
Sign
User can sign.
Releases
View release
User can view releases in the account.
Threat detection
View Threat detection
User can view threat detection scans in the account.
Manage Threat detection
User can download threat detection scans in the account.
Run Threat detection scans
User can run scans on software using Threat detection.
Beispiel 5. SignerThe signer role is used for engineers or authenticated devices responsible for signing software.
The following permissions assigned to this role:
Category
Permission
Description
User settings
Default
User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.
Account settings
View license
User can view licenses for the account.
Audit logs
View audit log
User can view audit and signature logs in the account.
Certificates
View certificate profile
User can view certificate profile details in the account.
View certificate template
User can view certificate template details in the account.
View certificate
User can view certificate details in the account.
Keypair
View keypair
User can view keypair details in the account.
Signatures
Sign
User can sign.
Releases
View release windows
User can view releases in the account.
Assign an Account Manager role to the user, if necessary:
Beispiel 6. Account adminThe Account admin role is used for the primary point of contact for managing account setup and user access.
The following permissions assigned to this role:
Category
Permission
Description
Accounts and organizations
Manage accounts
User can view and modify account details, such as:
Account status.
Organizations associated with the account.
Licenses allocated and remaining.
Sign in requirements.
Integrations.
Manage organizations
User can view and modify organizations details, such as:
Organization status.
Account associated with the organization.
Organization name, address, and telephone number.
Contacts associated with the organization.
User management
Manage users
User can:
View details for all users, accounts, and organizations.
Modify, add, or remove users.
Generate the API key and client authentication certificate for service users because they do not have access to DigiCert ONE.
Default
User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.
General
View logs
User can view DigiCert® Account Manager audit logs regarding actions that occur in your account, including but not limited to who logged logged in and what users or credentials were created.
Beispiel 7. User managerThe User manager role is used for managing user access and permissions.
The following permissions assigned to this role:
Category
Permission
Description
Accounts and organizations
View accounts
User can view account details, such as:
Account status.
Organizations associated with the account.
Licenses allocated and remaining.
Sign in requirements.
Integrations.
View organizations
User can view organizations details, such as:
Organization status.
Account associated with the organization.
Organization name, address, and telephone number.
Contacts associated with the organization.
User management
Manage users
User can:
View details for all users, accounts, and organizations.
Modify, add, or remove users.
Generate the API key and client authentication certificate for service users because they do not have access to DigiCert® KeyLocker.
Default
User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.
General
View logs
User can view DigiCert® Account Manager audit logs regarding actions that occur in your account, including but not limited to who logged logged in and what users or credentials were created.
Beispiel 8. Account userThe Account user role is for basic users that need to view account, organization, and user information but primarily works in Software Trust Manager.
The following permissions assigned to this role:
Category
Permission
Description
Accounts and organizations
View accounts
User can view account details, such as:
Account status.
Organizations associated with the account.
Licenses allocated and remaining.
Sign in requirements.
Integrations.
View organizations
User can view organizations details, such as:
Organization status.
Account associated with the organization.
Organization name, address, and telephone number.
Contacts associated with the organization.
User management
Manage users
User can:
View details for all users, accounts, and organizations.
Modify, add, or remove users.
Generate the API key and client authentication certificate for service users because they do not have access to DigiCert® KeyLocker.
Default
User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.
General
View logs
User can view DigiCert® Account Manager audit logs regarding actions that occur in your account, including but not limited to who logged logged in and what users or credentials were created.
Beispiel 9. Default userThe Default user role is for basic users who need to view account and user information but primarily works in Software Trust Manager.
The following permissions assigned to this role:
Category
Permission
Description
Accounts and organizations
View accounts
User can view account details, such as:
Account status.
Organizations associated with the account.
Licenses allocated and remaining.
Sign in requirements.
Integrations.
View organizations
User can view organizations details, such as:
Organization status.
Account associated with the organization.
Organization name, address, and telephone number.
Contacts associated with the organization.
User management
Manage users
User can:
View details for all users, accounts, and organizations.
Modify, add, or remove users.
Generate the API key and client authentication certificate for service users because they do not have access to DigiCert® KeyLocker.
Default
User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.
General
View logs
User can view DigiCert® Account Manager audit logs regarding actions that occur in your account, including but not limited to who logged logged in and what users or credentials were created.
Beispiel 10. View onlyThe View only role is used for auditing and executive read-only access to account and user data.
The following permissions assigned to this role:
Category
Permission
Description
Accounts and organizations
View accounts
User can view account details, such as:
Account status.
Organizations associated with the account.
Licenses allocated and remaining.
Sign in requirements.
Integrations.
View organizations
User can view organizations details, such as:
Organization status.
Account associated with the organization.
Organization name, address, and telephone number.
Contacts associated with the organization.
User management
Manage users
User can:
View details for all users, accounts, and organizations.
Modify, add, or remove users.
Generate the API key and client authentication certificate for service users because they do not have access to DigiCert® KeyLocker.
Default
User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.
General
View logs
User can view DigiCert® Account Manager audit logs regarding actions that occur in your account, including but not limited to who logged logged in and what users or credentials were created.
Beispiel 11. NoneIf you do not select an Account Manager role, the Account option will be hidden from the DigiCert ONE Manager menu (top-right). However, the user can:
View their own user profile
Generate their own API key.
Generate their own client authentication certificate
Select Create.
Achtung
Select the copy icon to copy the token ID.