Create a service user
Designed for automated workflows, service users also have access to a specific account but cannot sign into the platform. They authenticate with client tools and APIs using their API key and client certificate, typically on build servers or other automated systems.
Follow these steps to create a service user:
Sign in to DigiCert ONE.
Navigate to the Manager menu icon (top-right).
Select DigiCert® Account Manager.
In the left navigation bar, select Access > Service user.
Select Create service user.
Enter the following service user information:
| Field | Description |
| --- | --- |
| Friendly name | A unique, easily identifiable name for the user. |
| Description | Further illustrate the purpose of this user. This is an optional field. |
| End date | Determines when the service user credential expires. This is an optional field. |
| Email | Email address of the person managing this credential. |
| Accounts that can use this service user | Select accounts that connect to this user. |
| DigiCert ONE Manager access | Select Software Trust Manager. |

Note: Additionally select DigiCert® Account Manager if the user is required to manage other users, accounts, or organizations for the DigiCert ONE account.
Select Next.
Assign the necessary Software Trust Manager role for the service user:
Example 1. Lead
The lead role is used for users responsible for managing cryptographic assets, enforcing policies, and monitoring compliance for users in the account.
The following permissions are assigned to this role:

| Category | Permission | Description |
| --- | --- | --- |
| User settings | Default | User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE. |
| Account settings | Manage account settings | User can update DigiCert® Software Trust Manager > Accounts > Account settings. |
| Account settings | Manage CertCentral API key | User can delete, disable, enable, set up, update, and validate a CertCentral API key. |
| Account settings | View license | User can view licenses for the account. |
| Teams | Manage all teams | User can: Create new teams. View, update, deactivate, delete, and map resources to existing teams. |
| Audit logs | View audit log | User can view audit and signature logs in the account. |
| Audit logs | Export audit logs | User can export audit logs in the account. |
| Certificates | Manage certificate hierarchy | User can create, update, approve, reject, suspend, unsuspend, and view certificate hierarchies. |
| Certificates | Manage certificate profiles | User can: Create, update, enable, disable, and delete certificate profiles. Update and delete certificates. |
| Certificates | View certificate profile | User can view certificate profile details in the account. |
| Certificates | View certificate template | User can view certificate template details in the account. |
| Certificates | Generate certificate | User can create a new certificate. |
| Certificates | Import certificate | User can import certificates into the account. |
| Certificates | Revoke certificate | User can revoke certificates in the account. |
| Certificates | View certificate | User can view certificate details in the account. |
| Keypairs | Request keypair export | User can request to export keypairs. |
| Keypairs | Approve keypair export | User can approve requests to export keypairs. |
| Keypairs | Approve keypair delete | User can approve requests to delete keypairs. |
| Keypairs | Import keypair | User can import keypairs into the account. |
| Keypairs | Generate keypair | User can create a new keypair. |
| Keypairs | View keypair | User can view keypair details in the account. |
| Keypairs | Manage keypair | User can: Update, suspend, or unsuspend keypairs. Create, update, enable, and disable keypair profiles. Create and update user groups. Create, update, and refresh key rotation. Generate a CSR. |
| Keypairs | Manage master keypair | User can: Create GPG master key. Update, import, delete, generate, revoke, suspend, unsuspend a master key. Sign and create subkeys. |
| Signatures | Sign | User can sign. |
| Releases | View release | User can view releases in the account. |
| Releases | Request release | User can request to create an offline release. |
| Releases | Approve release | User can approve requests to create offline releases. |
| Threat detection | Manage Threat detection | User can view and download threat detection scans in the account. |
Example 2. Team lead
The team lead role is used for managing developers and engineering teams responsible for signing and releasing software.
The following permissions are assigned to this role:

| Category | Permission | Description |
| --- | --- | --- |
| User settings | Default | User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE. |
| Account settings | View license | User can view licenses for the account. |
| Teams | Manage my team | User can view, update, deactivate, and map resources to existing teams that they are part of. |
| Audit logs | View audit log | User can view audit and signature logs in the account. |
| Audit logs | Export audit logs | User can export audit logs in the account. |
| Certificates | Manage certificate hierarchy | User can create, update, approve, reject, suspend, unsuspend, and view certificate hierarchies. |
| Certificates | View certificate profile | User can view certificate profile details in the account. |
| Certificates | View certificate template | User can view certificate template details in the account. |
| Certificates | Import certificate | User can import certificates into the account. |
| Certificates | Revoke certificate | User can revoke certificates in the account. |
| Certificates | Generate certificate | User can create a new certificate. |
| Certificates | View certificate | User can view certificate details in the account. |
| Keypairs | Import keypair | User can import keypairs into the account. |
| Keypairs | Request keypair export | User can request to export keypairs. |
| Keypairs | Approve keypair export | User can approve requests to export keypairs. |
| Keypairs | Approve keypair delete | User can approve requests to delete keypairs. |
| Keypairs | Generate keypair | User can create a new keypair. |
| Keypairs | View keypair | User can view keypair details in the account. |
| Keypairs | Manage keypair | User can: Update, suspend, or unsuspend keypairs. Create, update, enable, and disable keypair profiles. Create and update user groups. Create, update, and refresh key rotation. Generate a CSR. |
| Keypairs | Manage master keypair | User can: Create GPG master key. Update, import, delete, generate, revoke, suspend, unsuspend a master key. Sign and create subkeys. |
| Signatures | Sign | User can sign. |
| Releases | View release | User can view releases in the account. |
| Releases | Request release | User can request to create an offline release. |
| Releases | Approve release | User can approve requests to create offline releases. |
| Threat detection | Manage Threat detection | User can download threat detection scans in the account. User can run scans on software using Threat detection. |
Example 3. Developer
The developer role is used for users responsible for signing, managing assets related to signing, and releasing software.
The following permissions are assigned to this role:

| Category | Permission | Description |
| --- | --- | --- |
| User settings | Default | User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE. |
| Account settings | View license | User can view licenses for the account. |
| Audit logs | View audit log | User can view audit and signature logs in the account. |
| Certificates | View certificate profile | User can view certificate profile details in the account. |
| Certificates | View certificate template | User can view certificate template details in the account. |
| Certificates | Generate certificate | User can create a new certificate. |
| Certificates | View certificate | User can view certificate details in the account. |
| Keypairs | Generate keypair | User can create a new keypair. |
| Keypairs | View keypair | User can view keypair details in the account. |
| Signatures | Sign | User can sign. |
| Releases | Request release | User can request to create an offline release. |
| Releases | View release | User can view releases in the account. |
| Threat detection | View Threat detection | User can view threat detection scans in the account. |
Example 4. Build engineer
The build engineer role is for users responsible for signing and scanning software using threat detection.
The following permissions are assigned to this role:

| Category | Permission | Description |
| --- | --- | --- |
| User settings | Default | User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE. |
| Audit logs | View audit log | User can view audit and signature logs in the account. |
| Certificates | View certificate profile | User can view certificate profile details in the account. |
| Certificates | View certificate template | User can view certificate template details in the account. |
| Certificates | View certificate | User can view certificate details in the account. |
| Keypairs | View keypair | User can view keypair details in the account. |
| Signatures | Sign | User can sign. |
| Releases | View release | User can view releases in the account. |
| Threat detection | View Threat detection | User can view threat detection scans in the account. |
| Threat detection | Manage Threat detection | User can download threat detection scans in the account. |
| Threat detection | Run Threat detection scans | User can run scans on software using Threat detection. |
Example 5. Signer
The signer role is used for engineers or authenticated devices responsible for signing software.
The following permissions are assigned to this role:

| Category | Permission | Description |
| --- | --- | --- |
| User settings | Default | User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE. |
| Account settings | View license | User can view licenses for the account. |
| Audit logs | View audit log | User can view audit and signature logs in the account. |
| Certificates | View certificate profile | User can view certificate profile details in the account. |
| Certificates | View certificate template | User can view certificate template details in the account. |
| Certificates | View certificate | User can view certificate details in the account. |
| Keypair | View keypair | User can view keypair details in the account. |
| Signatures | Sign | User can sign. |
| Releases | View release | User can view releases in the account. |
Assign an Account Manager role for the service user, if necessary:
Example 6. Account admin
The Account admin role is used for the primary point of contact for managing account setup and user access.
The following permissions are assigned to this role:

| Category | Permission | Description |
| --- | --- | --- |
| Accounts and organizations | Manage accounts | User can view and modify account details, such as: Account status. Organizations associated with the account. Licenses allocated and remaining. Sign in requirements. Integrations. |
| Accounts and organizations | Manage organizations | User can view and modify organization details, such as: Organization status. Account associated with the organization. Organization name, address, and telephone number. Contacts associated with the organization. |
| User management | Manage users | User can: View details for all users, accounts, and organizations. Modify, add, or remove users. Generate the API key and client authentication certificate for service users because they do not have access to DigiCert ONE. |
| User management | Default | User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE. |
| General | View logs | User can view DigiCert® Account Manager audit logs regarding actions that occur in your account, including but not limited to who logged in and what users or credentials were created. |
Example 7. User manager
The User manager role is used for managing user access and permissions.
The following permissions are assigned to this role:

| Category | Permission | Description |
| --- | --- | --- |
| Accounts and organizations | View accounts | User can view account details, such as: Account status. Organizations associated with the account. Licenses allocated and remaining. Sign in requirements. Integrations. |
| Accounts and organizations | View organizations | User can view organization details, such as: Organization status. Account associated with the organization. Organization name, address, and telephone number. Contacts associated with the organization. |
| User management | Manage users | User can: View details for all users, accounts, and organizations. Modify, add, or remove users. Generate the API key and client authentication certificate for service users because they do not have access to DigiCert® KeyLocker. |
| User management | Default | User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE. |
| General | View logs | User can view DigiCert® Account Manager audit logs regarding actions that occur in your account, including but not limited to who logged in and what users or credentials were created. |
Example 8. Account user
The Account user role is for basic users who need to view account, organization, and user information but primarily work in Software Trust Manager.
The following permissions are assigned to this role:

| Category | Permission | Description |
| --- | --- | --- |
| Accounts and organizations | View accounts | User can view account details, such as: Account status. Organizations associated with the account. Licenses allocated and remaining. Sign in requirements. Integrations. |
| Accounts and organizations | View organizations | User can view organization details, such as: Organization status. Account associated with the organization. Organization name, address, and telephone number. Contacts associated with the organization. |
| User management | Manage users | User can: View details for all users, accounts, and organizations. Modify, add, or remove users. Generate the API key and client authentication certificate for service users because they do not have access to DigiCert® KeyLocker. |
| User management | Default | User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE. |
| General | View logs | User can view DigiCert® Account Manager audit logs regarding actions that occur in your account, including but not limited to who logged in and what users or credentials were created. |
Example 9. Default user
The Default user role is for basic users who need to view account and user information but primarily work in Software Trust Manager.
The following permissions are assigned to this role:

| Category | Permission | Description |
| --- | --- | --- |
| Accounts and organizations | View accounts | User can view account details, such as: Account status. Organizations associated with the account. Licenses allocated and remaining. Sign in requirements. Integrations. |
| Accounts and organizations | View organizations | User can view organization details, such as: Organization status. Account associated with the organization. Organization name, address, and telephone number. Contacts associated with the organization. |
| User management | Manage users | User can: View details for all users, accounts, and organizations. Modify, add, or remove users. Generate the API key and client authentication certificate for service users because they do not have access to DigiCert® KeyLocker. |
| User management | Default | User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE. |
| General | View logs | User can view DigiCert® Account Manager audit logs regarding actions that occur in your account, including but not limited to who logged in and what users or credentials were created. |
Example 10. View only
The View only role is used for auditing and executive read-only access to account and user data.
The following permissions are assigned to this role:

| Category | Permission | Description |
| --- | --- | --- |
| Accounts and organizations | View accounts | User can view account details, such as: Account status. Organizations associated with the account. Licenses allocated and remaining. Sign in requirements. Integrations. |
| Accounts and organizations | View organizations | User can view organization details, such as: Organization status. Account associated with the organization. Organization name, address, and telephone number. Contacts associated with the organization. |
| User management | Manage users | User can: View details for all users, accounts, and organizations. Modify, add, or remove users. Generate the API key and client authentication certificate for service users because they do not have access to DigiCert® KeyLocker. |
| User management | Default | User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE. |
| General | View logs | User can view DigiCert® Account Manager audit logs regarding actions that occur in your account, including but not limited to who logged in and what users or credentials were created. |
Select Create service user.
Important: Select the copy icon to copy the token ID.