Users, API tokens, and service users

Once a system admin sets up your initial admin account, you are ready to get started. A common place to start is Account Manager, where you add and manage users for DigiCert® IoT Trust Manager. It is also where you create and manage API tokens and service users for DigiCert® IoT Trust Manager.

See the Account Manager: Get started guide for hosted services to find instructions for adding users and creating API tokens and service users.

Adding users

For a user to work in DigiCert® IoT Trust Manager, they only need permissions for DigiCert® IoT Trust Manager. Role and permission-based access allows you to control what users can see and do inside DigiCert® IoT Trust Manager and DigiCert ONE®. While adding and editing a user, set up their role and permissions to ensure they can see and do what is necessary to complete their tasks.

IoT Trust Manager user roles

IoT Trust Manager user roles define the set of permissions given to a user.

The principal IoT Trust Manager user role with most administrative and configuration permissions within IoT Trust Manager. This user is responsible for configuring profiles and workflows, integrating third-party tools, and managing certificates.

Permissions

| Category | Permission | Description |
| --- | --- | --- |
| General | Manage alerts | Configure and apply anomaly detection policies. Update and close alerts when detected and addressed. |
| General | Manage division | Create and manage divisions to manage user access to some IoT Trust Manager assets, such as certificate profiles and intermediate CAs. |
| General | Manage gateway | Configure and manage a DigiCert gateway for outbound/inbound IoT Trust Manager network traffic. |
| General | Manage settings | View and update general IoT Trust Manager settings. |
| General | View audit log | View audit and signature logs in the account. |
| General | View license | View licenses for the account. |
| Device management | Manage device | Monitor and manage device records for the devices in your IoT production environment. |
| Device management | Manage device profile | Create and update device profiles that define API access and custom data fields for individual device records. |
| Certificate management | Manage authentication CA | Manage device authentication for certificate requests in your IoT production environment. Create and update authentication CA templates and upload authentication CAs. |
| Certificate management | Manage certificate | Manage individual and batch certificate requests and records for issued certificates. |
| Certificate management | Manage certificate profile | Define and manage certificate configuration requirements, including required and optional fields. |
| Certificate management | Manage enrollment profile | Configure certificate enrollment parameters, including allowed enrollment methods, issuing CA, and device and certificate profiles to use. |
| Certificate management | Manage external CAs | Monitor external CAs and manage division and enrollment profile assignments. |
| Certificate management | Manage IoT CA | Request and manage intermediate CAs. |
| Certificate management | Manage OCSP grouping | Manage bulk OCSP calls and responses for certificate status. |
| Certificate management | Manage certificate template | Add and manage certificate structure and format requirements. |

The principal IoT Trust Manager user role with most administrative and configuration permissions within IoT Trust Manager. This user is responsible for configuring profiles and workflows and integrating third-party tools.

Note

System users cannot request certificates or intermediate CAs.

Permissions

| Category | Permission | Description |
| --- | --- | --- |
| General | Manage alerts | Configure and apply anomaly detection policies. Update and close alerts when detected and addressed. |
| General | Manage division | Create and manage divisions to manage user access to some IoT Trust Manager assets, such as certificate profiles and intermediate CAs. |
| General | Manage gateway | Configure and manage a DigiCert gateway for outbound/inbound IoT Trust Manager network traffic. |
| General | Manage settings | View and update general IoT Trust Manager settings. |
| General | View app health | View app health (API). |
| General | View audit log | View audit and signature logs in the account. |
| Device management | Manage device | Monitor and manage device records for the devices in your IoT production environment. |
| Device management | Manage device profile | Create and update device profiles that define API access and custom data fields for individual device records. |
| Certificate management | Manage authentication CA | Manage device authentication for certificate requests in your IoT production environment. Create and update authentication CA templates and upload authentication CAs. |
| Certificate management | View certificate | View individual and batch certificate requests and records for issued certificates. |
| Certificate management | Manage certificate profile | Define and manage certificate configuration requirements, including required and optional fields. |
| Certificate management | Manage enrollment profile | Configure certificate enrollment parameters, including allowed enrollment methods, issuing CA, and device and certificate profiles to use. |
| Certificate management | Manage external CAs | Monitor external CAs and manage division and enrollment profile assignments. |
| Certificate management | Manage IoT CA | Request and manage intermediate CAs. |
| Certificate management | Manage OCSP grouping | Manage bulk OCSP calls and responses for certificate status. |
| Certificate management | Manage certificate template | Add and manage certificate structure and format requirements. |

API tokens have the same permissions and scope as the administrator that creates them. Actions performed using the API token are logged under the administrator's username.

Service users are nonuser-related API tokens that don't belong to or inherit an administrator's permissions. When creating a service user, assign it only the permissions needed for its intended API integration. Actions linked to the service user are logged under the service user's friendly name.