Add/Edit Access policies


This document provides information about the Add access policies and Edit access policies screens, which share the same fields.

Path to access

  1. On Segura, in the navigation bar, hover over the Products menu and select Certificate Manager.
  2. In the side menu, select Access control > Access policies, and click Add.

or

  1. In the selected record, click the Actions button and select Edit.

General tab

This tab provides general information about the access policy.

| Item | Type | Required | Description |
|---|---|---|---|
| Access policy name* | Text field | Yes | Access policy identifier name. |
| Status | Toggle button | No | Enables or disables the access policy status. |
| Description | Text field | No | General information about the access policies. |

Certificate Policy tab

This tab provides information about the download permissions and rules defined in the access policy.

Info

In this section, some fields are displayed only after specific fields are enabled.

Download settings section

| Item | Type | Required | Description |
|---|---|---|---|
| User can download the request? | Checkbox | No | Allows the user to download the CSR (certificate request file) if enabled. |
| User can download key? | Checkbox | No | Allows the user to download the private key associated with the certificate. |
| User can download certificate? | Checkbox | No | Allows the user to download the issued certificate file. |

Certificate passwords section

| Item | Type | Required | Description |
|---|---|---|---|
| Allow users to view passwords | Checkbox | No | Enables or disables permission for users to view the credential password. |
| Part of the password to be viewed | Dropdown menu | Yes | Options for how the password will be displayed: Full password, First part of the password, or Second part of the password. Members of this group will only see the defined portion. However, proxy functionalities can still use the full password, as users don’t have access to the plain text when using any proxy solution. |
| Requires justification to view certificate password | Checkbox | No | Enables or disables the requirement for users to provide a justification before viewing the password. |
| Require approval to view a password | Checkbox | No | Enables or disables the requirement for an approver to authorize the user to view the password. Once enabled, you must define how many approvals are needed. |
| Approvals required for viewing | Quantity input | No | Select how many approvals are required for the operation to be authorized at each level (does not count the total number of approvals). |
| Disapprovals required to cancel | Quantity input | No | Select how many disapprovals are needed to reject the operation at each level (does not count the total number of disapprovals). |
| Approval in levels | Checkbox | No | Enables or disables tiered approval. When enabled, a hierarchy of approvers can be set. |
| Approvals in levels required to view a password | Quantity input | No | Defines the number of approvals required per level to authorize password viewing. |
| Disapprovals in levels required to cancel | Quantity input | No | Defines the number of disapprovals required per level to reject the password viewing request. |
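
The per-level counting described in the table above, as an added example (not Segura code): a minimal Python model of a tiered approval decision, showing that three approvals in total do not satisfy a policy that needs two at each level. The names LevelRule and evaluate_request, the vote format, and the ascending-order evaluation of levels are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LevelRule:
    """Hypothetical per-level thresholds mirroring the two quantity inputs."""
    approvals_required: int
    disapprovals_to_cancel: int

    def __post_init__(self):
        # A threshold of 0 would auto-approve or auto-reject with no votes cast.
        if self.approvals_required < 1 or self.disapprovals_to_cancel < 1:
            raise ValueError("thresholds must be at least 1")

def evaluate_request(rules, votes):
    """Return 'approved', 'rejected' or 'pending' for one request.

    rules: {level: LevelRule}. votes: (approver, level, decision) tuples.
    Assumptions: levels are evaluated in ascending order, and only each
    approver's latest vote at a level is counted.
    """
    for level in sorted(rules):
        latest = {}
        for approver, vote_level, decision in votes:
            if vote_level == level:
                latest[approver] = decision  # repeat votes do not stack
        decisions = list(latest.values())
        if decisions.count("disapprove") >= rules[level].disapprovals_to_cancel:
            return "rejected"
        if decisions.count("approve") < rules[level].approvals_required:
            return "pending"  # thresholds apply per level, not to the total
    return "approved"

# Constructed sample: two levels, each needing 2 approvals; 1 disapproval cancels.
RULES = {1: LevelRule(2, 1), 2: LevelRule(2, 1)}
VOTES = [("alice", 1, "approve"), ("bob", 1, "approve"), ("carol", 2, "approve")]

if __name__ == "__main__":
    print(evaluate_request(RULES, VOTES))                                # pending
    print(evaluate_request(RULES, VOTES + [("dave", 2, "approve")]))     # approved
    print(evaluate_request(RULES, VOTES + [("dave", 2, "disapprove")]))  # rejected
```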

Automation policy tab

This tab provides information about signature and publication policies, including whether a justification or approval is required for these actions.

Info

In this section, some fields are displayed only after specific fields are enabled.

Certificate signature and renewal section

| Item | Type | Required | Description |
|---|---|---|---|
| Require reason for signature | Checkbox | No | Enables or disables the requirement for the user to provide a justification before signing a certificate. |
| Require approval for signature | Checkbox | No | Enables or disables the requirement for approval before signing a certificate. |
| Approvals needed to sign | Quantity input | No | Defines the number of approvals required to authorize certificate signing. |
| Disapprovals required to cancel | Quantity input | No | Defines the number of disapprovals required to cancel the signing request. |
| Approval in levels | Checkbox | No | Enables hierarchical approval for certificate signing requests. |
| Approvals in level needed to sign | Quantity input | No | Defines the number of approvals required per level for the signing request to be approved. |
| Disapprovals in levels required to cancel | Quantity input | No | Defines the number of disapprovals required per level to reject the signing request. |

Certificate publishing section

| Item | Type | Required | Description |
|---|---|---|---|
| Require reason to publish | Checkbox | No | Enables or disables the requirement for a justification before publishing the certificate. |
| Require approval to publish | Checkbox | No | Enables or disables the requirement for approval before publishing the certificate. |
| Approvals needed to publish | Quantity input | No | Defines how many approvals are needed to authorize publication. |
| Disapprovals required to cancel | Quantity input | No | Defines how many disapprovals are required to cancel the publication request. |
| Approval in levels | Checkbox | No | Enables tiered approval for certificate publication requests. |
| Approvals in level needed to publish | Quantity input | No | Defines the number of approvals required at each level to approve publication. |
| Disapprovals in levels required to cancel | Quantity input | No | Defines the number of disapprovals required at each level to cancel publication. |

Criteria tab

This tab provides information about the access policy criteria.

| Item | Type | Required | Description |
|---|---|---|---|
| CA | Toggle button | No | Enables or disables the text field to include Certificate authorities. |
| CA (Comma sep.) | Text field | No | Name of the Certificate authorities. |
| Organization | Toggle button | No | Enables or disables the text field to include organization. |
| Organization (Comma separated) | Text field | No | Name of the organizations. |
| DNS | Toggle button | No | Enables or disables the text field for including DNS. |
| DNS (comma sep.) | Text field | No | DNS names. |
| Tags | Toggle button | No | Enables or disables the text field to include tags. |
| Tags (comma separated) | Text field | No | Tags associated with the criteria. |
| Allowed authorities* | Dropdown menu | Yes | Selects which Certificate authorities are allowed by the policy. |

Users tab

This tab provides information about the list of users included in the access policy.

| Item | Type | Required | Description |
|---|---|---|---|
| Users | Text field | No | Search for the users in the list of included users. |
| Add / Remove selected | Button | No | Add or remove the selected users. |
| Users table | Table | No | Displays the user’s data. The fields are: ID, Name, Username, E-mail, Creation type, Department, Added by, and Added on. |

Info

By default, users belonging to more than one access group will be assigned the most restrictive group settings.

Approvers tab

This tab provides information about the list of approvers added to the access policy.

| Item | Type | Required | Description |
|---|---|---|---|
| Approvers | Text field | No | Search for the approvers in the list of included approvers. |
| Add / Remove selected | Button | No | Add or remove the selected approvers. |
| Approvers table | Table | No | Displays the user’s data. The fields are: ID, Name, Username, E-mail, Creation type, Department, Added by, and Added on. |
| Level | Dropdown menu | No | Options to choose possible approver levels. The options are: Level 1, Level 2, and Level 3. |
| Governance ID required when justifying?* | Toggle button | Yes | Enables or disables whether the applicant must enter the ITMS code at the time of justification. |
| Always add user manager to approvers?* | Toggle button | Yes | Enables or disables whether the user responsible for the registered user's department should be automatically consulted as an additional approver for this group. This way, this user will be alerted with the other approvers in the Approvers tab. |

Attention

To become an approver, a user must have the certificates approver profile.

Review tab

Use the Review tab to check all the information entered in the previous tabs.