Teams
Select users, groups, or both to form a team and then map relevant resources to them. You can restrict team resources such as keypairs, releases, and enforce keypair profiles and certificate profiles.
注記
Enable teams on your account to use this feature.
Enable Teams
You require the Manage license
or Manage account settings
to enable teams on your account.
Sign in to DigiCert ONE.
Select the Manager menu (top right) > Software Trust.
Navigate to: Account > Account settings.
Select the edit icon.
Select the checkboxes under the Teams section according to your requirements.
注記
To enforce that a keypair profile must be selected for keypair generation:
Enable Allow team mapping for keypairs and certificate profiles under the Teams section.
Enable Require keypair profile to generate keypair under the Keypair section.
Select Update settings.
Create a team
You require the Manage all teams
permission to create a team.
Sign in to DigiCert ONE.
Select the Manager menu (top right) > Software Trust.
Navigate to: Account > Teams.
Select Create.
Complete these fields:
Field | Description |
---|---|
Team name | Name to uniquely identify this team. |
Users | Select users who are allowed to access this team's resources. |
Groups | Select groups allowed to access this team's resources. |
Approvals required | Select the number of approvals required for this team to approve:
|
Keypairs | Select keypairs that this team can use. 注記The drop-down list only shows keypairs that are not assigned to any team. |
GPG keypairs | Select GPG keypairs that this team can use. 注記The drop-down list only shows GPG keypairs that are not assigned to any team. |
Keypair profiles | Select keypairs profiles that this team can use. |
Certificate profiles | Select certificate profiles that this team can use. |
Projects | Select projects to assign to the team. 注記The drop-down list only shows projects that are not assigned to any team. |
License limitations | Set a maximum number of signature and HSM units this team can use. |
Expiry date | Set an expiry date for this team. |
Team approvals workflows and permissions
When teams are enabled for your account, the specific actions need to be requested and approved by the team. The number of approvals required before the action is considered approved can be changed by updating the team.
The following actions require approval:
Create offline releases
Export keypairs
Delete keypairs
Revoke certificates
The following permissions determines which user can request or approve these actions:
Request an above action for the team they belong to:
User must have the one of the following permissions:
request release
,request keypair export
,request keypair delete
and, orrevoke certificate
.Approve an above action for the team they belong to:
User must have one of the following permissions:
approve release window
,approve keypair export
,approve keypair delete
and, orrevoke certificate
.
Update team
This section outlines team features can be updated.
注記
You require the following permission to update a team:
Manage all teams
permission allows you to change the approval amount on any team in the account.Manage my teams
permission allows you to change the approval amount on any team in the account that you are a part of.
Add or remove team resources
To add or remove resources assigned to a team:
Sign in to DigiCert ONE.
Select the Manager menu (top right) > Software Trust.
Navigate to: Account > Teams.
Click on the team name you want to update.
Click the edit icon.
Update the following fields:
Field
Description
Keypairs
Select standard keypairs to assign to the team.
注記
The drop-down list only shows GPG keypairs that are not assigned to any team.
GPG keypairs
Select GPG keypairs to assign to the team.
注記
The drop-down list only shows GPG keypairs that are not assigned to any team.
Keypair profiles
Select keypair profiles to assign to the team.
Certificate profiles
Select certificate profiles to assign to the team.
Projects
Select projects to assign to the team.
注記
The drop-down list only shows projects that are not assigned to any team.
Select Update team.
Change required approvals
To change the required amount of approvals to complete a specific action within a team:
Sign in to DigiCert ONE.
Select the Manager menu (top right) > Software Trust.
Navigate to: Account > Teams.
Click on the team name you want to update.
Click the edit icon.
Change the approval amount for the action.
Select Update team.
注記
You require the following permission to update the approval amount:
Manage all teams
permission allows you to change the approval amount on any team in the account.Manage my teams
permission allows you to change the approval amount on any team in the account that you are a part of.
Update or remove signing limit
To update or remove the signing limit for the team:
Sign in to DigiCert ONE.
Select the Manager menu (top right) > Software Trust.
Navigate to: Account > Teams.
Click on the team name you want to update.
Click the edit icon.
To set the maximum number of signature units that this team can use, select one of the following options under License limitations:
Field
Description
No limit
Select this radio button to enable the team to do unlimited signing.
Limit
Select this radio button and enter the amount of signing units the team is allowed to do. One signature unit is consumed every time a user signs.
Select Update team.
Approval procedure for team actions
When teams are enabled and a user requests to complete an action, the following approval procedure will occur:
All users on the team with the permission to approve the action receives an email with the request.
The approver must click View request in the email.
The approver must review the request and click Approve or Reject.
Once the required amount of approvals are received, depending on the request:
The certificate will be revoked.
The keypair will be deleted.
The offline release will be created.
The requester will receive an email with a link to export the keypair.
注記
If one user rejects the request, the entire request will be canceled and the user has to request the action again.