Skip to main content

Team approvals workflows

When teams are enabled for your account, there are specific actions that need to be requested and approved by the team.

The following actions require approval:

  • Create offline releases

  • Export keypairs

  • Delete keypairs

  • Revoke certificates

The following permissions determines which user can request or approve these actions:

  • Request an above action for the team they belong to:

    User must have the one of the following permissions: request release, request keypair export, request keypair delete and, or revoke certificate.

  • Approve an above action for the team they belong to:

    User must have one of the following permissions: approve release window, approve keypair export, approve keypair delete and, or revoke certificate.

Approval procedure for team actions

Note

Regarding the approval flow for enabled teams:

  • All approval flows are subject to UCO constraints.

  • Users with MANAGE_SM_ALL_TEAMS can take actions on any resource belonging to any team in the account, regardless of whether they are part of that team.

    • They can request actions such as offline releases, keypair exports, keypair deletions, and certificate revocations. However, the approval process remains unchanged; only team members with the appropriate approval permissions can approve these requests.

  • Users with MANAGE_SM_MY_TEAMS or similar roles can take actions on resources belonging to the team they are part of.

    • They can request actions like offline releases, keypair exports, keypair deletions, and certificate revocations. However, as with all requests, only team members with the necessary approval permissions can approve them.

When teams are enabled and a member requests approval to complete an action, the following approval procedure will occur:

  1. All members on the team with the permission to approve the action receives an email with the request.

  2. The approver must click View request in the email.

  3. The approver must review the request and click Approve or Reject.

  4. Once the required amount of approvals are received, then based on the request type:

    1. The certificate will be revoked.

    2. The keypair will be deleted.

    3. The offline release will be created.

    4. The member who requested the approval will receive an email with a link to export the keypair.

Note

If one member rejects the request, the entire request will be canceled and the user has to request the action again.

Change required approvals

To change the required amount of approvals needed to complete a specific action within a team, review the following statements:

  • The Manage all teams permission allows you to change the approval amount on any team in the account.

  • The Manage my teams permission allows you to change the approval amount on any team in the account that you are a part of.

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu (top right) > Software Trust.

  3. Select Account > Teams.

  4. Select the desired team.

  5. Next to Approvals required, select the edit icon.

  6. Navigate to Approvals required.

  7. Update the required amount of approvals needed to complete a specific action within the team. You can update approvals for the following team actions:

    • Approve offline release

    • Export keypair

    • Delete keypair

    • Revoke certificate

  8. Select Update team.

Dans cette section​: