Skip to main content

Teams

Select users, groups, or both to form a team and then map relevant resources to them. You can restrict team resources such as keypairs, releases, and enforce keypair profiles and certificate profiles.

注意

Enable teams on your account to use this feature.

Enable Teams

You require the Manage license or Manage account settings to enable teams on your account.

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu (top right) > Software Trust.

  3. Navigate to: Account > Account settings.

  4. Select the edit icon.

  5. Select the checkboxes under the Teams section according to your requirements.

    注意

    To enforce that a keypair profile must be selected for keypair generation:

    • Enable Allow team mapping for keypairs and certificate profiles under the Teams section.

    • Enable Require keypair profile to generate keypair under the Keypair section.

  6. Select Update settings.

Create a team

You require the Manage all teams permission to create a team.

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu (top right) > Software Trust.

  3. Navigate to: Account > Teams.

  4. Select Create.

Complete these fields:

Field

Description

Team name

Name to uniquely identify this team.

Users

Select users who are allowed to access this team's resources.

Groups

Select groups allowed to access this team's resources.

Approvals required

Select the number of approvals required for this team to approve:

  • Offline releases

  • Export keypairs

  • Delete keypairs

  • Revoke certificates

Keypairs

Select keypairs that this team can use.

注意

The drop-down list only shows keypairs that are not assigned to any team.

GPG keypairs

Select GPG keypairs that this team can use.

注意

The drop-down list only shows GPG keypairs that are not assigned to any team.

Keypair profiles

Select keypairs profiles that this team can use.

Certificate profiles

Select certificate profiles that this team can use.

Projects

Select projects to assign to the team.

注意

The drop-down list only shows projects that are not assigned to any team.

License limitations

Set a maximum number of signature and HSM units this team can use.

Expiry date

Set an expiry date for this team.

Required approvals

The teams feature allows you to select 1-3 approvals required to complete the following actions:

  • Offline releases

  • Export keypairs

  • Delete keypairs

  • Revoke certificates

注意

  • To request one of the above actions, the team member must have the associated permission: request release window, request keypair export, request keypair delete and, or revoke certificate.

  • To approve one of the above actions, the team member must have the associated permission: approve release window, approve keypair export, approve keypair delete and, or revoke certificate.

Update team

This section outlines team features can be updated.

注意

You require the following permission to update a team:

  • Manage all teams permission allows you to change the approval amount on any team in the account.

  • Manage my teams permission allows you to change the approval amount on any team in the account that you are a part of.

Add or remove team resources

To add or remove resources assigned to a team:

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu (top right) > Software Trust.

  3. Navigate to: Account > Teams.

  4. Click on the team name you want to update.

  5. Click the edit icon.

  6. Update the following fields:

    Field

    Description

    Keypairs

    Select standard keypairs to assign to the team.

    注意

    The drop-down list only shows GPG keypairs that are not assigned to any team.

    GPG keypairs

    Select GPG keypairs to assign to the team.

    注意

    The drop-down list only shows GPG keypairs that are not assigned to any team.

    Keypair profiles

    Select keypair profiles to assign to the team.

    Certificate profiles

    Select certificate profiles to assign to the team.

    Projects

    Select projects to assign to the team.

    注意

    The drop-down list only shows projects that are not assigned to any team.

  7. Select Update team.

Change required approvals

To change the required amount of approvals to complete a specific action within a team:

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu (top right) > Software Trust.

  3. Navigate to: Account > Teams.

  4. Click on the team name you want to update.

  5. Click the edit icon.

  6. Change the approval amount for the action.

  7. Select Update team.

注意

You require the following permission to update the approval amount:

  • Manage all teams permission allows you to change the approval amount on any team in the account.

  • Manage my teams permission allows you to change the approval amount on any team in the account that you are a part of.

Update or remove signing limit

To update or remove the signing limit for the team:

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu (top right) > Software Trust.

  3. Navigate to: Account > Teams.

  4. Click on the team name you want to update.

  5. Click the edit icon.

  6. To set the maximum number of signature units that this team can use, select one of the following options under License limitations:

    Field

    Description

    No limit

    Select this radio button to enable the team to do unlimited signing.

    Limit

    Select this radio button and enter the amount of signing units the team is allowed to do. One signature unit is consumed every time a user signs.

  7. Select Update team.

Approval procedure for team actions

When teams are enabled and a user requests to complete an action, the following approval procedure will occur:

  1. All users on the team with the permission to approve the action receives an email with the request.

  2. The approver must click View request in the email.

  3. The approver must review the request and click Approve or Reject.

  4. Once the required amount of approvals are received, depending on the request:

    1. The certificate will be revoked.

    2. The keypair will be deleted.

    3. The offline release will be created.

    4. The requester will receive an email with a link to export the keypair.

注意

If one user rejects the request, the entire request will be canceled and the user has to request the action again.