How to configure access policies

  • 5 minute(s) read
Prev Next

This document provides information on how to configure access policies to use within Certificate Manager.

Create an access policy

To create an access policy, see the following steps:

  1. On Segura, in the navigation bar, hover over the Products menu and select Certificate Manager.
  2. In the side menu, select Access control > Access policies.
  3. In the top right corner, click Add.
  4. In the General tab, enter the following information:
    1. In the Access policy name *, enter the access policy name.
    2. In the Status button, activate or deactivate the access policy.
    3. In the Description field, enter a description for the access policy.
  5. Click Continue.
  6. (Optional): In the Certificate Policy tab, enter the following information about download, and certificate passwords settings:
    1. In the User can download the request? checkbox, select to allow users to download requests.
    2. In the User can download the key? checkbox, select to allow users to download keys.
    3. In the User can download the certificate? checkbox, select to allow users to download certificates.
    4. In the User can view the passwords certificate checkbox, select to allow users to view certificates' password.
    5. In the Part of the password to be viewed * field, select which part of the password the user can view.
    6. In the Requires justification to view certificate password checkbox, select to require users to enter a justification when viewing certificates' passwords.
    7. In the Require approval to view a password checkbox, select to require approvals before viewing passwords.
      1. In the Approvals required to view a password field, enter the number of approvals needed to view a password.
      2. In the Disapprovals required to cancel field, enter the number of disapprovals needed to cancel the visualization of a password.
    8. In the Approval in levels checkbox, select to define that approvals will happen in levels.
      1. In the Approvals in levels required to view a password field, enter the number of approvals in levels needed to view a password.
      2. In the Disapprovals in levels required to cancel field, enter the number of disapprovals in levels needed to cancel the visualization of a password.
  7. Click Continue.
  8. In the Automation Policy, enter the following information about certificate signatures and renewal, and certificate publishing:
    1. In the Require reason for signature checkbox, select to require a reason when signing certificates.
    2. In the Require approval for signature checkbox, select to require approvals when signing certificates.
      1. In the Approvals needed to sign field, enter the number of approvals needed to sign a certificate.
      2. In the Disapprovals required to cancel field, enter the number of disapprovals needed to not approve certificate signing.
    3. In the Approval in levels checkbox, select to define that approvals will happen in levels.
      1. In the Approvals in level needed to sign field, enter the number of approvals in levels needed to sign a certificate.
      2. In the Disapprovals in levels required to cancel field, enter the number of disapprovals in levels needed to not approve certificate signing.
    4. In the Require reason to publish checkbox, select to request reason when publishing certificates.
    5. In the Require approval to publish checkbox, select to request approval when publishing certificates.
      1. In the Approvals needed to publish field, enter the number of approvals needed to publish a certificate.
      2. In the Disapprovals required to cancel field, enter the number of disapprovals needed to not approve certificate publishing.
    6. In the Approval in levels checkbox, select to define that approvals will happen in levels.
      1. In the Approvals in level needed to publish field, enter the number of approvals in levels needed to publish a certificate.
      2. In the Disapprovals in levels required to cancel field, enter the number of disapprovals in levels needed to not approve certificate publishing.
  9. Click Continue.
  10. (Optional): In the Criteria tab, enter the following information about additional criteria to allow the users to perform actions based on the configured criteria.
    1. In the CA field, enter the desired CA.
    2. In the Organization field, enter the desired organização.
    3. In the DNS field, enter the desired DNS.
    4. In the Tags field, enter the desired tags.
    5. In the Allowed authorities * field, select the authorities allowed to sign certificates of this access policy. The users of this access policy can sign certificates based on the allowed authorities.
  11. Click Continue.
  12. (Optional): In the Users tab, click + Add to enter the users of this access policy.
    1. Select the desired users, and click Add.
    Info

    When a user belongs to multiple access groups, the system will apply the settings of the most restrictive group.

  13. Click Continue.
  14. (Optional): In the Approvers tab, click + Add to enter the approvers of this access policy.
    1. Select the approving users desired, and click Add.
    2. In the Governance ID required when justifying? field, toggle the button to request for the governance ID when justifying.
    3. In the Always add user manager to approvers? field, toggle the button to always add the user manager as an approver.
  15. Click Continue.
  16. In the Review tab, review all information entered previously, and click Save.

Edit an access policy

To edit an access policy, see the following steps:

  1. On Segura, in the navigation bar, hover over the Products menu and select Certificate Manager.
  2. In the side menu, select Access control > Access policies.
  3. In the desired signature reason, click Actions > Edit.
  4. Edit the desired fields.
  5. Click Save to save the changes.
Info

In the upper right corner, the eye icon provides information about the date and time of creation and update of the profile.

Clone an access policy

Cloning serves to copy all the settings of an existing group, speeding up the creation process. To clone an access policy, see the following steps:

  1. On Segura, in the navigation bar, hover over the Products menu and select Certificate Manager.
  2. In the side menu, select Access control > Access policies.
  3. In the desired signature reason, click Actions > Clone.

The new access policy will appear listed on the Access policies report screen.

Deactivate an access policy

To deactivate an access policy, see the following steps:

  1. On Segura, in the navigation bar, hover over the Products menu and select Certificate Manager.
  2. In the side menu, select Access control > Access policies.
  3. In the desired signature reason, click Actions > Edit.
  4. In the Status button, toggle it to off to deactivate the access policy.
  5. Click Save to confirm the deactivation.

Do you still have questions? Reach out to the Segura Community.