Manage users and API access
DigiCert® Private CA enables advanced user access control across your private CA infrastructure, with predefined user roles and a comprehensive list of user permissions.
Important
The user-role models for DigiCert-hosted and customer-hosted environments are different. Make sure you're referencing information relevant to your environment.
Users in DigiCert-hosted environments
A DigiCert-hosted private CA is part of the DigiCert ONE platform. The users in this platform are added and managed in Account Manager.
Learn more about user types, scope, and roles in Account Manager.
Users for the UI
Shown as Users in the UI, these users can log on to DigiCert ONE and access the private CA UI.
When you’ve determined the type of user required, assign the appropriate user role to define and control their permissions.
API users
Shown as Service users in the UI, these users interact with the private CA only through the API. They can’t sign in to the UI. Create such users for automated workflows and integrations, not for standard human users.
The permissions of service users are also controlled via their user roles.
Users in customer-hosted environments
A customer-hosted private CA is a standalone setup with its own user management module. Users in such environments exist only within that environment and cannot access any other DigiCert services you might have.
Users for the UI
Shown as Users in the UI, these users can log on to the DigiCert Private CA UI. Because customer-hosted environments don't have multi-account hierarchies, there are no Access scope settings here, unlike in DigiCert-hosted environments.
The user roles model in customer-hosted environments is simplified and optimized for a standalone setup, with no dependency on DigiCert ONE.
API users
Shown as API users in the UI, these users interact with the private CA only through the API. They can’t sign in to the UI. Create such users for automated workflows and integrations, not for standard human users. You can still submit API requests manually using all available endpoints.
Users in hybrid environments
In a hybrid environment, the private CA is hosted by the customer and DigiCert ONE is hosted by DigiCert. The private CA remains a separate system outside of DigiCert ONE.
You must manage private CA users within the private CA. You cannot manage them in DigiCert ONE.
Users from the customer-hosted private CA cannot access DigiCert ONE, and DigiCert ONE users cannot access the customer-hosted private CA.