Skip to main content

Users, API tokens, and service users

Once a system admin sets up your initial admin account, you are ready to get started. A common area to get started is in Account Manager is where you add and manage users for DigiCert​​®​​ IoT Trust Manager. It is also where you create and manage API tokens and service users for DigiCert​​®​​ IoT Trust Manager.

See the Account Manager: Get started guide for hosted services to find instructions for adding users and creating API tokens and service users.

Adding users

For a user to work in DigiCert​​®​​ IoT Trust Manager, they only need permissions for DigiCert​​®​​ IoT Trust Manager. Role and permission-based access allows you to control what users can see and do inside DigiCert​​®​​ IoT Trust Manager and DigiCert ONE®. While adding and editing a user, set up their role and permissions to ensure they can see and do what is necessary to complete their tasks.

IoT Trust Manager user roles

IoT Trust Manager user roles define the set of permissions given to a user.

The principal IoT Trust Manager user role with most administrative and configuration permissions within IoT Trust Manager. This user is responsible for configuring profiles and workflows, integrating third-party tools, and managing certificates.

Permissions

Category

Permission

Description

General

Manage alerts

Configure and apply anomaly detection policies. Update and close alerts when detected and addressed.

Manage division

Create and manage divisions to manage user access to some IoT Trust Manager assets, such as certificate profiles and intermediate CAs.

Manage gateway

Configure and manage a DigiCert gateway for outbound/inbound IoT Trust Manager network traffic.

Manage settings

View and update general IoT Trust Manager settings.

View audit log

View audit and signature logs in the account.

View license

View licenses for the account.

Device management

Manage device

Monitor and manage device records for the devices in your IoT production environment.

Manage device profile

Create and update device profiles that define API access and custom data fields for individual device records.

Certificate management

Manage authentication CA

Manage device authentication for certificate requests in your IoT production environment. Create and update authentication CA templates and upload authentication CAs.

Manage certificate

Manage individual and batch certificate requests and records for issued certificates.

Manage certificate profile

Define and manage certificate configuration requirements, including required and optional fields.

Manage enrollment profile

Configure certificate enrollment parameters, including allowed enrollment methods, issuing CA, and device and certificate profiles to use.

Manage external CAs

Monitor external CAs and manage division and enrollment profile assignments.

Manage IoT CA

Request and manage intermediate CAs.

Manage OCSP grouping

Manage bulk OCSP calls and responses for certificate status.

Manage certificate template

Add and manage certificate structure and format requirements.

The principal IoT Trust Manager user role with most administrative and configuration permissions within IoT Trust Manager. This user is responsible for configuring profiles and workflows and integrating third-party tools.

Nota

System users cannot request certificates or intermediate CAs.

Permissions

Category

Permission

Description

General

Manage alerts

Configure and apply anomaly detection policies. Update and close alerts when detected and addressed.

Manage division

Create and manage divisions to manage user access to some IoT Trust Manager assets, such as certificate profiles and intermediate CAs.

Manage gateway

Configure and manage a DigiCert gateway for outbound/inbound IoT Trust Manager network traffic.

Manage settings

View and update general IoT Trust Manager settings.

View app health

View app health (API).

View audit log

View audit and signature logs in the account.

Device management

Manage device

Monitor and manage device records for the devices in your IoT production environment.

Manage device profile

Create and update device profiles that define API access and custom data fields for individual device records.

Certificate management

Manage authentication CA

Manage device authentication for certificate requests in your IoT production environment. Create and update authentication CA templates and upload authentication CAs.

View certificate

View individual and batch certificate requests and records for issued certificates.

Manage certificate profile

Define and manage certificate configuration requirements, including required and optional fields.

Manage enrollment profile

Configure certificate enrollment parameters, including allowed enrollment methods, issuing CA, and device and certificate profiles to use.

Manage external CAs

Monitor external CAs and manage division and enrollment profile assignments.

Manage IoT CA

Request and manage intermediate CAs.

Manage OCSP grouping

Manage bulk OCSP calls and responses for certificate status.

Manage certificate template

Add and manage certificate structure and format requirements.

API tokens have the same permissions and scope as the administrator that creates them. Actions performed using the API token are logged under the administrator's username.

Service users are nonuser-related API tokens that don't belong to or inherit an administrator's permissions. When creating a service user, assign it only the permissions needed for its intended API integration. Actions linked to the service user are logged under the service user's friendly name.