Skip to main content

Learn more about user types, scope, and roles

Understanding user types, their scope, and roles is key to effectively managing DigiCert ONE users.

User terminology

User type determines where a user can act, scope determines which accounts, while user role defines what they can do.

User types determine the kind of access a user has:

  • Standard user have both DigiCert ONE platform and API access.

  • Service user have DigiCert ONE API access only.

User scope defines which accounts a user can access:

  • Account-Scope (AS) users have access to specific accounts within the platform.

  • Partner-Scope (PS) users have access to their partner account, but can create and manage sub-accounts for their customers.

  • System-Scope (SS) users have access to the entire platform, including all accounts and settings in the environment.

Tip

The scope determines which accounts the user is associated with, however the user's permissions will still control what they can view and change within those accounts.

User roles are predefined or custom sets of permissions that determine the specific actions a user can perform.

Tip

The permissions within a user role determines what user can view or change.

Users in DigiCert ONE

Users are generally referenced in the following way:

A standard user with access to one or more accounts.

Capabilities

  • Can sign in to DigiCert ONE using personal credentials.

  • Can connect to client tools and APIs using an API key and client authentication certificate.

Use case

Suitable for individual contributors who need access to specific accounts and tools and administrators managing individual contributors.

A user designed for automated workflows with access to one or more accounts.

Capabilities

  • Cannot sign in to DigiCert ONE.

  • Can connect to client tools and APIs using an API key and client authentication certificate.

Use case

Suitable for automated processes like CI/CD pipelines or system integrations. Commonly used on build servers or in other automated systems.

A system-scope user with access to the entire platform and all accounts within the environment.

Capabilities

  • On-premises customers can access to the entire platform and create and manage all accounts within their environment.

  • Partners can create and manage sub-accounts for their customers.

Use case

Suitable for on-premises administrators managing large-scale deployments or partners managing customer accounts.

Publication date: