Security Roles and Claims

There are several elements that make up the Keyfactor Command security infrastructure. To define your security design, you will use these elements in combinations that meet your needs. You can limit user menu access through global permissions, and user certificate access through collection and certificate store permissions. (The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be available in other places in the Management Portal, e.g. expiration alerts and certain reports.)

Security Roles

Figure 341: Security Roles

During the Keyfactor Command installation and configuration process, the security role Administrator is created (see Administrative Users Tab). The Administrator role grants full permissions to the Management Portal and cannot be modified or deleted. If all users of the Management Portal should have full access to all features within the portal, this one role may be sufficient for your needs. However, if you would like to grant access to other users or limit the functionality available to those users, you need to add one or more new security roles for this purpose.

A Reporting API Access role is automatically created during installation to support the dashboard and reporting access required by the Logi Analytics Platform. The service account user associated with the IIS application pools on the Keyfactor Command Management Portal server (where Logi is installed) is automatically created as an identity and associated with this role.

Security Claims

Figure 342: Security Claims

Claims are created in Keyfactor Command using users or groups. During the Keyfactor Command installation and configuration process, administrative security claims are created using the user and/or group records for your selected identity provider (either Active Directory or an alternative) on the Administrative Users tab of the configuration wizard (see Administrative Users Tab). More than one user or group may be entered during configuration, if desired. Claims entered in the configuration wizard are associated with the Administrator role that grants all permissions to the Management Portal.

If you would like to grant access to other users but limit the functionality available to those users, you need to add one or more new security claims for this purpose and link them to one or more appropriate security roles. See Security Claim Operations.

Tip: Click the help icon next to the Security Roles and Claims page title to open the Keyfactor Command Documentation Suite to this section. You can also find the help icon at the top of the page next to the Log Out button. From here you can choose to open either the Keyfactor Command Documentation Suite at the home page or the Keyfactor API Endpoint Utility.