Security Overview
Several elements make up the Keyfactor Command security infrastructure. To define your security design, you combine these elements in ways that meet your needs. You can limit user menu access through global permissions, and user certificate access through collection and certificate store permissions. (The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be available in other places in the Management Portal, e.g. expiration alerts and certain reports.)
Security Roles—Menu and Certificate Permissions
Define the naming convention and structure of your security design by creating a name and description for your roles. These roles will then hold the definition of your security design based on the menu access, collection access or stores access as applied to them. The roles will then be applied to AD users or groups to complete the security set-up. These roles are used to:
- Grant access to the Management Portal by selecting menu access permissions for a role—at what level of permission the user/group can access certificate functionality in the Keyfactor Command Management Portal. See Security Role Permissions and Security Role Operations.
- Grant certificate collection access by selecting role permissions per collection—at which level of permission the user/group can access collections functionality and/or which collections they can access. See Certificate Permissions.
- Grant certificate store container access by selecting role permissions per container—at which level of permission the user/group can access certificate stores functionality and/or which stores they can access. See Container Permissions.
Security Identities
Assign combinations of roles to AD users or groups to apply your security design to your users. See Security Identity Operations.
Permissions to use the SSH areas of Keyfactor Command are controlled with three security roles specific to this purpose (see SSH Permissions):
- Enterprise Admin
- Server Admin
- User