- DigiCert product docs
- DigiCert KeyLocker
- 全般
- Users
- Types of users
- サービスユーザーアカウント
サービスユーザーアカウント
DigiCert® Software Trust Managerサービスユーザーを作成するには、アカウントマネージャ > アクセス > サービスユーザーに進みます。サービスユーザーの作成を選択し、ユーザー詳細を入力します。
Service users are only identified by an alias and an email address for notifications.
Create service user
Sign in to DigiCert ONE.
Navigate to: Manager menu icon (top-right).
Select DigiCert® Account Manager.
In the left navigation bar, select Access > Service user.
Select Create service user.
Enter the following service user information:
Field
Description
Friendly name
A unique, easily identifiable name for the user.
Description
Further illustrate the purpose of this user. This is an optional field.
End date
Determines when the service user credential expires. This is an optional field.
Email
Email address of the person managing this credential.
Accounts that can use this service user
Select accounts that connect to this user.
DigiCert ONE Manager access
Select DigiCert® KeyLocker.
注記
Additionally select DigiCert® Account Manager if the user is required to manage other users, accounts, or organizations for the DigiCert ONE account.
Select Next.
Assign the necessary DigiCert® KeyLocker role for the service user:
例 1. KeyLocker LeadThe KeyLocker Lead role is usually assigned to an account lead who manages assets, users, and is able to sign with the key stored in DigiCert® KeyLocker.
The DigiCert® KeyLocker Lead role has the following permissions assigned:
Category
Permission
Description
User settings
Default
User can view their own user profile and generate their own API key and client authentication certificate in DigiCert® KeyLocker.
Manage user
User can:
View details for all users, accounts, and organizations.
Modify, add, or remove users.
Generate the API key and client authentication certificate for service users because they do not have access to DigiCert® KeyLocker.
Account settings
Manage CertCentral API key
User can delete, disable, enable, setup, update and validate a CertCentral API key.
Certificates
View certificate
User can view certificate details in the account.
Revoke certificate
User can revoke certificates in the account.
Keypairs
View keypair
User can view keypair details in the account.
Manage keypair
User can update the keypair alias.
Signatures
Sign
User can sign.
例 2. KeyLocker SignerThe KeyLocker Signer role is usually assigned to an engineer or an authenticated device that signs software.
The DigiCert® KeyLocker Signer role has the following permissions assigned:
Category
Permission
Description
User settings
Default
User can view their own user profile and generate their own API key and client authentication certificate in DigiCert® KeyLocker.
Certificates
View certificate
User can view certificate details in the account.
Keypairs
View keypair
User can view keypair details in the account.
Signature
Sign
User can sign.
Assign an Account Manager role for the service user, if necessary:
例 3. Account adminThe Account admin role is used for the primary point of contact for managing account setup and user access.
The following permissions assigned to this role:
Category
Permission
Description
Accounts and organizations
Manage accounts
User can view and modify account details, such as:
Account status.
Organizations associated with the account.
Licenses allocated and remaining.
Sign in requirements.
Integrations.
Manage organizations
User can view and modify organizations details, such as:
Organization status.
Account associated with the organization.
Organization name, address, and telephone number.
Contacts associated with the organization.
User management
Manage users
User can:
View details for all users, accounts, and organizations.
Modify, add, or remove users.
Generate the API key and client authentication certificate for service users because they do not have access to DigiCert ONE.
Default
User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.
General
View logs
User can view DigiCert® Account Manager audit logs regarding actions that occur in your account, including but not limited to who logged in and what users or credentials were created.
例 4. User managerThe User manager role is used for managing user access and permissions.
The following permissions assigned to this role:
Category
Permission
Description
Accounts and organizations
View accounts
User can view account details, such as:
Account status.
Organizations associated with the account.
Licenses allocated and remaining.
Sign in requirements.
Integrations.
View organizations
User can view organizations details, such as:
Organization status.
Account associated with the organization.
Organization name, address, and telephone number.
Contacts associated with the organization.
User management
Manage users
User can:
View details for all users, accounts, and organizations.
Modify, add, or remove users.
Generate the API key and client authentication certificate for service users because they do not have access to DigiCert® KeyLocker.
Default
User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.
General
View logs
User can view DigiCert® Account Manager audit logs regarding actions that occur in your account, including but not limited to who logged in and what users or credentials were created.
例 5. Account userThe Account user role is for basic users that need to view account, organization, and user information but primarily works in DigiCert® KeyLocker.
The following permissions assigned to this role:
Category
Permission
Description
Accounts and organizations
View accounts
User can view account details, such as:
Account status.
Organizations associated with the account.
Licenses allocated and remaining.
Sign in requirements.
Integrations.
View organizations
User can view organizations details, such as:
Organization status.
Account associated with the organization.
Organization name, address, and telephone number.
Contacts associated with the organization.
User management
Manage users
User can:
View details for all users, accounts, and organizations.
Modify, add, or remove users.
Generate the API key and client authentication certificate for service users because they do not have access to DigiCert® KeyLocker.
Default
User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.
General
View logs
User can view DigiCert® Account Manager audit logs regarding actions that occur in your account, including but not limited to who logged in and what users or credentials were created.
例 6. Default userThe Default user role is for basic users who need to view account and user information but primarily works in DigiCert® KeyLocker.
The following permissions assigned to this role:
Category
Permission
Description
Accounts and organizations
View accounts
User can view account details, such as:
Account status.
Organizations associated with the account.
Licenses allocated and remaining.
Sign in requirements.
Integrations.
View organizations
User can view organizations details, such as:
Organization status.
Account associated with the organization.
Organization name, address, and telephone number.
Contacts associated with the organization.
User management
Manage users
User can:
View details for all users, accounts, and organizations.
Modify, add, or remove users.
Generate the API key and client authentication certificate for service users because they do not have access to DigiCert® KeyLocker.
Default
User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.
General
View logs
User can view DigiCert® Account Manager audit logs regarding actions that occur in your account, including but not limited to who logged in and what users or credentials were created.
例 7. View onlyThe View only role is used for auditing and executive read-only access to account and user data.
The following permissions assigned to this role:
Category
Permission
Description
Accounts and organizations
View accounts
User can view account details, such as:
Account status.
Organizations associated with the account.
Licenses allocated and remaining.
Sign in requirements.
Integrations.
View organizations
User can view organizations details, such as:
Organization status.
Account associated with the organization.
Organization name, address, and telephone number.
Contacts associated with the organization.
User management
Manage users
User can:
View details for all users, accounts, and organizations.
Modify, add, or remove users.
Generate the API key and client authentication certificate for service users because they do not have access to DigiCert® KeyLocker.
Default
User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.
General
View logs
User can view DigiCert® Account Manager audit logs regarding actions that occur in your account, including but not limited to who logged in and what users or credentials were created.
Select Create service user.
注意
Select the copy icon to copy the token ID.