Keyfactor Command Security Design Considerations

  • Determine the list of users or groups who will have access to Keyfactor Command. Access in Keyfactor Command is based on Active Directory users and groups. These will be used to create Security Identities in Keyfactor Command (using the DOMAIN\group name format) to which Security Roles will be assigned.

    Note:   If you require only one layer of security (all users will have full access) you can simply use the Administrator Role that was created during installation (see Administration Section in the Keyfactor Command Server Installation Guide).
    Note:  When defining the AD groups/users you will use to form Identities, consider whether you will have a one-to-one or one-to many relationship between Identities and Roles.
  • Define the naming convention for Security Roles. Menu access and certificate security will be assigned to Roles which in turn will be applied to Security Identities.
  • Determine the Keyfactor Command menu access and level of functionality you want to apply to each Role using the permissions information found Security Role Permissions.
  • Determine certificate security based on collections and certificate store permissions based on containers, if any. See below for more information.