Identity and access management (IAM)

Administrator is the default role. You can add new roles, each with granular permissions defined for its purpose.

The following roles comprise the IAM setup for a common Key Lifecycle Management use case:

  • Administrator: Responsible for administering and provisioning services.
  • Key Holder: Responsible for key components.
  • Key Manager: Responsible for managing key services and key approvals.

The following sections explain how to create Key Holder and Key Manager roles.

Create Key Holder roles

1. Log in to the web dashboard under dual control with your Administrator users.

2. Select the gear icon in the upper-right corner of the page and go to Administration > User Management > Roles.

3. Select [ Add ].

4. Follow the steps in the wizard to configure the new role, entering or selecting these details:

  • Basic Info
    • Role Name: Key Holder
    • Login Count Requirement: Normal
    • HSM Role: Enabled
    • Role Type: Principal
  • Service Permissions: (none)
  • Management Permissions: (none)
  • Secure Key Permissions: Key Component Holder
  • Managed Roles: (none)
  • Advanced Info: (default)

Create Key Manager roles

1. Log in to the web dashboard under dual control with your Administrator users.

2. Select the gear icon in the upper-right corner of the page and go to Administration > User Management > Roles.

3. Select [ Add ].

4. Follow the steps in the wizard to configure the new role, entering or selecting these details:

  • Basic Info
    • Role Name: Key Manager
    • Login Count Requirement: 2 Logins Required
    • HSM Role: Enabled
    • Role Type: Principal
  • Service Permissions: (none)
  • Management Permissions: Services
  • Secure Key Permissions: No Usage Wrap
  • Managed Roles: (none)
  • Advanced Info:
    • External Name: (none)
    • Dual-factor requirement: (default)
    • Web Login: (default)
    • Hardware Login: (default)
    • API Login: Enabled
    • Administrator: Enabled

Next, you must create individual users and assign them the new Key Holder and Key Manager roles.

Create Key Holder users

1. Log in to the web dashboard under dual control with your Administrator users.

2. Select the gear icon in the upper-right corner of the page and go to Administration > User Management > Users.

3. Repeat for each Key Holder:

  • Basic Info
    • Username: KeyHolderA, KeyHolderB, KeyHolderC, and so on
    • Roles: Key Holder
    • Authentication
      • Set password (such as safest)

Create Key Manager users

1. Log in to the web dashboard under dual control with your Administrator users.

2. Select the gear icon in the upper-right corner of the page and go to Administration > User Management > Users.

3. Repeat for each Key Manager:

  • Basic Info
    • Username: KeyManager1, KeyManager2, and so on
    • Roles: Key Manager
    • Authentication
      • Set password (such as safest)