DigiCert® Device Trust Manager uses Role-Based Access Control (RBAC) to ensure users have the appropriate permissions for their responsibilities within the platform. This model restricts or grants access based on a user’s assigned role, enabling a secure and organized structure for managing IoT devices.
Role assignment is managed in DigiCert® Account Manager by an Account Administrator. See Account Manager documentation for more detail about user creation and management.
Assigning users to Device Trust Manager roles is performed through DigiCert® Account Manager by someone with Account administrator privileges.
Sign in to DigiCert ONE as an Account Administrator.
In the Manager menu (grid at top right), select Account.
Select Access > Users.
Click Add User and specify the required user details.
In the DigiCert ONE Manager access field, select Device Trust.
In the Device Trust Manager dropdown, select the appropriate role for the user. For example, Solution administrator.
For more information, see Detailed roles and permissions.
An account administrator is responsible for creating users and assigning roles in Device Trust Manager. Below is a quick breakdown of each role to help you understand each one and best practices for assigning them:
Solution Administrator: This is the primary administrator role for Device Trust Manager, with full access to all permissions. Assign this role carefully, as users in this position have the ability to perform any action within Device Trust Manager.
Device Creator: This role is intended for users responsible for registering devices individually or in bulk. It is commonly assigned to production managers or staff at manufacturing facilities where devices are initialized and registered.
Device Administrator: Assigned to users who need control over device lifecycle management, including enabling, disabling, deleting, and restoring devices. This role is often designated to users involved in ongoing device operations and support.
Artifact Manager: Artifact Managers are typically firmware developers or software engineers who create and upload device update packages. They handle the software artifacts that are deployed to devices, making this role essential for maintaining and updating device functionality.
Aviso
The Solution Administrator and Account Administrator roles are typically held by two different individuals. An Account Administrator, usually from IT, IT Security, or PKI Ops, administers DigiCert® ONE and controls access to the various management applications, including Device Trust Manager. The Solution Administrator, however, is more likely to be part of the product or operational team responsible for managing devices.
The table below provides a detailed breakdown of permissions associated with each role in Device Trust Manager:
Solution Administrator | Device Creator | Device Administrator | Artifact Manager | |
|---|---|---|---|---|
General permissions | ||||
Dashboard | View/Edit | View/Edit | View/Edit | View/Edit |
Divisions | View/Edit | View | View | View |
Notifications | View/Edit | View/Edit | View/Edit | View/Edit |
License | View | - | - | - |
System audit log | View | View | View | View |
Certificate management permissions | ||||
Authentication CAs | View/Edit | - | - | - |
CA connector | View/Edit | - | - | - |
Certificate management policy | View/Edit | View | View | - |
Certificate profile | View/Edit | View | View | - |
Certificate template | View | View | View | - |
Certificate renew | View/Edit | - | View/Edit | - |
Certificate request | View/Edit | View/Edit | View/Edit | - |
Certificate revoke | View/Edit | - | View/Edit | - |
OCSP groups | View/Edit | - | - | - |
Device management permissions | ||||
Devices | View/Edit | View | View/Edit | - |
Download bootstrap configuration | View/Edit | View/Edit | View/Edit | - |
Download certificates | View/Edit | View/Edit | View/Edit | - |
Register many devices | View/Edit | View/Edit | - | - |
Register single device | View/Edit | View/Edit | - | - |
Device groups | View/Edit | View | View | - |
Software update permissions | ||||
Artifacts | View/Edit | View | View | View/Edit |
Releases | View/Edit | View | View | View |
Deployments | View/Edit | View | View | View |
Job permissions | ||||
Batch certificate issuance jobs | View/Edit | - | View/Edit | - |
Batch device registration jobs | View/Edit | View/Edit | - | - |
Deployment jobs | View/Edit | - | - | - |
DigiCert® Gateway management | ||||
DigiCert® Gateway | View/Edit | View | View | - |