Identity and access management (IAM)
Administrator is the {{ch}} default role. You can add new roles with granular permissions defined depending on their purpose.

The following roles comprise the IAM setup for a common key lifecycle management use case:

- Administrator: Responsible for {{ch}} administering and provisioning services.
- Key Holder: Responsible for key components.
- Key Manager: Responsible for managing key services and key approvals.

The following sections explain how to create Key Holder and Key Manager roles.

Create Key Holder roles

Perform the following steps to create Key Holder roles:

1. Log in to the {{ch}} web dashboard under dual control with your Administrator users.
2. Select the gear icon in the upper right corner of the page and go to Administration > User Management > Roles.
3. Select [ Add ].
4. Follow the steps in the wizard to configure the new role, entering or selecting these details:
   - Basic info
     - Role name: Key Holder
     - Login count requirement: Normal
     - HSM role: Enabled
     - Role type: Principal
   - Service permissions: (none)
   - Management permissions: (none)
   - Secure key permissions: Key Component Holder
   - Managed roles: (none)
   - Advanced info: (default)

Create Key Manager roles

Perform the following steps to create Key Manager roles:

1. Log in to the {{ch}} web dashboard under dual control with your Administrator users.
2. Select the gear icon in the upper right corner of the page and go to Administration > User Management > Roles.
3. Select [ Add ].
4. Follow the steps in the wizard to configure the new role, entering or selecting these details:
   - Basic info
     - Role name: Key Manager
     - Login count requirement: 2 logins required
     - HSM role: Enabled
     - Role type: Principal
   - Service permissions: (none)
   - Management permissions: Services
   - Secure key permissions: No Usage Wrap
   - Managed roles: (none)
   - Advanced info
     - External name: (none)
     - Dual factor requirement: (default)
     - Web login: (default)
     - Hardware login: (default)
     - API login: Enabled
     - Administrator: Enabled

Next, you must create individual users and assign them the new Key Holder and Key Manager roles.

Create Key Holder users

Perform the following steps to create Key Holder users:

1. Log in to the {{ch}} web dashboard under dual control with your Administrator users.
2. Select the gear icon in the upper right corner of the page and go to Administration > User Management > Users.
3. Repeat for each Key Holder:
   - Basic info
     - Username: keyholdera, keyholderb, keyholderc, and so on
   - Roles: Key Holder
   - Authentication: Set password (such as safest)

Create Key Manager users

Perform the following steps to create Key Manager users:

1. Log in to the {{ch}} web dashboard under dual control with your Administrator users.
2. Select the gear icon in the upper right corner of the page and go to Administration > User Management > Users.
3. Repeat for each Key Manager:
   - Basic info
     - Username: keymanager1, keymanager2, and so on
   - Roles: Key Manager
   - Authentication: Set password (such as safest)