This document provides information about the Add access policies and Edit access policies screens, which share the same fields.
Path to access
- On Segura, in the navigation bar, hover over the Products menu and select Certificate Manager.
- In the side menu, select Access control > Access policies, and click Add.
or
- In the selected record click the Actions button, and select Edit.
General tab
This tab provides general information about the access policy.
| Item | Type | Required | Description |
|---|---|---|---|
| Access policy name* | Text field | Yes | Access policy identifier name. |
| Status | Toggle button | No | Enables or disables the access policy status. |
| Description | Text field | No | General information about the access policies. |
Certificate Policy tab
This tab provides information about the download permissions and rules defined in the access policy.
Info
In this section, some fields will only be displayed after some specific fields are enabled.
Download settings section
| Item | Type | Required | Description |
|---|---|---|---|
| User can download the request? | Checkbox | No | Allows the user to download the CSR (certificate request file) if enabled. |
| User can download key? | Checkbox | No | Allows the user to download the private key associated with the certificate. |
| User can download certificate? | Checkbox | No | Allows the user to download the issued certificate file. |
Certificate passwords section
| Item | Type | Required | Description |
|---|---|---|---|
| Allow users to view passwords | Checkbox | No | Enables or disables permission for users to view the credential password. |
| Part of the password to be viewed | Dropdown menu | Yes | Options for how the password will be displayed: Full password, First part of the password, or Second part of the password. Members of this group will only see the defined portion. However, proxy functionalities can still use the full password, as users don’t have access to the plain text when using any proxy solution. |
| Requires justification to view certificate password | Checkbox | No | Enables or disables the requirement for users to provide a justification before viewing the password. |
| Require approval to view a password | Checkbox | No | Enables or disables the requirement for an approver to authorize the user to view the password. Once enabled, you must define how many approvals are needed. |
| Approvals required for viewing | Quantity input | No | Select how many approvals are required for the operation to be authorized at each level (does not count the total number of approvals). |
| Disapprovals required to cancel | Quantity input | No | Select how many disapprovals are needed to reject the operation at each level (does not count the total number of disapprovals). |
| Approval in levels | Checkbox | No | Enables or disables tiered approval. When enabled, a hierarchy of approvers can be set. |
| Approvals in levels required to view a password | Quantity input | No | Defines the number of approvals required per level to authorize password viewing. |
| Disapprovals in levels required to cancel | Quantity input | No | Defines the number of disapprovals required per level to reject the password viewing request. |
Automation policy tab
This tab provides information about signature and publication policies, including whether a justification or approval is required for these actions.
Info
In this section, some fields will only be displayed after some specific fields are enabled.
Certificate signature and renewal section
| Item | Type | Required | Description |
|---|---|---|---|
| Require reason for signature | Checkbox | No | Enables or disables the requirement for the user to provide a justification before signing a certificate. |
| Require approval for signature | Checkbox | No | Enables or disables the requirement for approval before signing a certificate. |
| Approvals needed to sign | Quantity input | No | Defines the number of approvals required to authorize certificate signing. |
| Disapprovals required to cancel | Quantity input | No | Defines the number of disapprovals required to cancel the signing request. |
| Approval in levels | Checkbox | No | Enables hierarchical approval for certificate signing requests. |
| Approvals in level needed to sign | Quantity input | No | Defines the number of approvals required per level for the signing request to be approved. |
| Disapprovals in levels required to cancel | Quantity input | No | Defines the number of disapprovals required per level to reject the signing request. |
Certificate publishing section
| Item | Type | Required | Description |
|---|---|---|---|
| Require reason to publish | Checkbox | No | Enables or disables the requirement for a justification before publishing the certificate. |
| Require approval to publish | Checkbox | No | Enables or disables the requirement for approval before publishing the certificate. |
| Approvals needed to publish | Quantity input | No | Defines how many approvals are needed to authorize publication. |
| Disapprovals required to cancel | Quantity input | No | Defines how many disapprovals are required to cancel the publication request. |
| Approval in levels | Checkbox | No | Enables tiered approval for certificate publication requests. |
| Approvals in level needed to publish | Quantity input | No | Defines the number of approvals required at each level to approve publication. |
| Disapprovals in levels required to cancel | Quantity input | No | Defines the number of disapprovals required at each level to cancel publication. |
Criteria tab
This tab provides information about the access policy criteria.
| Item | Type | Required | Description |
|---|---|---|---|
| CA | Toggle button | No | Enables or disables the text field to include Certificate authorities. |
| CA (Comma sep.) | Text field | No | Name of the Certificate authorities. |
| Organization | Toggle button | No | Enables or disables the text field to include organization. |
| Organization (Comma separated) | Text field | No | Name of the organizations. |
| DNS | Toggle button | No | Enables or disables the text field for including DNS. |
| DNS (comma sep.) | Text field | No | DNS names. |
| Tags | Toggle button | No | Enables or disables the text field to include tags. |
| Tags (comma separated) | Text field | No | Tags associated with the criteria. |
| Allowed authorities* | Dropdown menu | Yes | Selects which Certificate authorities are allowed by the policy. |
Users tab
This tab provides information about the list of users included in the access policy.
| Item | Type | Required | Description |
|---|---|---|---|
| Users | Text field | No | Search for the users in the list of included users. |
| Add / Remove selected | Button | No | Add or remove the selected users. |
| Users table | Table | No | Displays the user’s data. The fields are: ID, Name, Username, E-mail, Creation type, Department, Added by, and Added on. |
Info
By default, users belonging to more than one access group will be assigned the most restrictive group settings.
Approvers tab
This tab provides information about the list of approvers added to the access policy.
| Item | Type | Required | Description |
|---|---|---|---|
| Approvers | Text field | No | Search for the approvers in the list of included approvers. |
| Add / Remove selected | Button | No | Add or remove the selected approvers. |
| Approvers table | Table | No | Displays the user’s data. The fields are: *ID, Name, Username, E-mail, Creation type, Department, Added by, and Added on. |
| Level | Dropdown menu | No | Options to choose possible approver levels. The options are: Level 1, Level 2, and Level 3. |
| Governance ID required when justifying?* | Toggle button | Yes | Enables or disables whether the applicant must enter the ITMS code at the time of justification. |
| Always add user manager to approvers?* | Toggle button | Yes | Enables or disables whether the user responsible for the registered user's department should be automatically consulted as an additional approver for this group. This way, this user will be alerted with the other approvers in the Approvers tab. |
Attention
To become an approver, a user must have the certificates approver profile.
Review tab
Use the Review tab to check all the information entered in the previous tabs.