User Roles and Access Model

User Roles and Access Management

User Roles and Access Management in CertiNext is designed to enforce strong security controls, clear separation of duties, and operational accountability across certificate, key, and trust management activities. Given the sensitive nature of certificate authorities, cryptographic keys, and trust anchors, access to CertiNext is governed through a granular, role-based access control (RBAC) model.

This approach ensures users can perform only those actions that are appropriate to their responsibilities, while all actions remain auditable and policy-aligned.


Role-Based Access Control (RBAC)

CertiNext uses role-based access control to define what actions a user can view or perform within the platform. Roles are assigned to users and determine access across functional areas such as certificate management, CA operations, discovery, provisioning, reporting, and administrative settings.

RBAC supports the principle of least privilege, ensuring:

  • Administrative privileges are restricted to authorized users

  • Operational users can perform lifecycle actions without overreach

  • Sensitive CA and key operations are tightly controlled


Custom Roles

In addition to default roles, CertiNext allows administrators to create custom roles tailored to organizational needs. Custom roles are built by selecting fine-grained permissions across platform modules, enabling precise alignment with internal teams and workflows.

Permissions can be defined across areas such as:

  • Certificate Authorities – Creating, managing, suspending, or revoking CAs and CA certificates

  • Certificates and Orders – Requesting, approving, renewing, reissuing, suspending, or revoking certificates

  • Discovery – Running discovery bots, managing discovered certificates, and CT log monitoring

  • Provisioning – Managing automated provisioning workflows, bots, and certificate rotation

  • Keys and Key Stores – Creating and managing keys, key profiles, and key stores

  • APIs and Integrations – Creating and managing API credentials and connectors

  • Domains and Organizations – Managing validation objects and organizational entities

  • Reports and Audit Logs – Accessing audit trails and operational reports

  • Settings and Configuration – Managing global account settings, custom fields, IP restrictions, and reporting tags

This flexibility allows CertiNext to support diverse roles such as security administrators, PKI operators, DevOps engineers, auditors, finance teams, and application owners.


Separation of Duties and Approvals

CertiNext supports separation of duties by allowing organizations to distribute responsibilities across different roles. For example:

  • One role may request certificates while another approves them

  • CA management can be restricted to a small, trusted group

  • Audit and reporting access can be read-only

Approval permissions can be configured to ensure sensitive actions—such as certificate issuance, revocation, or CA changes—are reviewed and authorized in line with governance policies.


User and Group Management

Users can be organized into groups, and roles can be applied at the group level to simplify administration. This is especially useful in large enterprises where access needs to align with business units, environments, or geographic regions.

CertiNext also supports:

  • User invitations and approval workflows

  • Role activation and deactivation

  • Assignment of multiple roles where required
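Because roles can be applied at group level and a user can hold several, a user may end up with both sides of a separated duty even though no single role grants both. The sketch below is an added example, not CertiNext code or its API: it computes each user's effective permissions from direct and group-inherited roles, skips deactivated roles, and flags request/approve conflicts. All role, group, user and permission names are hypothetical, and the data is constructed.

```python
# Added example: all role, permission, group and user names are hypothetical,
# not CertiNext identifiers. The data below is constructed sample input.
from itertools import chain

# Permission pairs that one person should not hold together (constructed policy).
CONFLICTS = [
    ("certificate.request", "certificate.approve"),
    ("ca.manage", "audit.manage"),
]

ROLES = {  # role -> (active?, permissions)
    "requester": (True, {"certificate.request"}),
    "approver": (True, {"certificate.approve"}),
    "auditor": (True, {"audit.read"}),
    "legacy-admin": (False, {"certificate.request", "certificate.approve"}),
}
GROUPS = {"devops-eu": {"requester"}, "pki-ops": {"approver"}}
USERS = {  # user -> directly assigned roles and group memberships
    "alice": {"roles": {"requester"}, "groups": set()},
    "bob": {"roles": {"auditor"}, "groups": {"devops-eu", "pki-ops"}},
    "carol": {"roles": {"legacy-admin", "approver"}, "groups": set()},
}


def effective_permissions(user):
    """Union of permissions from active roles, direct or inherited via groups."""
    entry = USERS[user]
    inherited = chain.from_iterable(GROUPS[g] for g in entry["groups"])
    perms = set()
    for role in entry["roles"] | set(inherited):
        active, role_perms = ROLES[role]
        if active:  # deactivated roles grant nothing
            perms |= role_perms
    return perms


def sod_violations():
    """Return {user: [conflicting pairs]} for users whose combined roles break SoD."""
    findings = {}
    for user in USERS:
        perms = effective_permissions(user)
        hits = [pair for pair in CONFLICTS if set(pair) <= perms]
        if hits:
            findings[user] = hits
    return findings


if __name__ == "__main__":
    for user, pairs in sorted(sod_violations().items()):
        print(user, "holds conflicting permissions:", pairs)
```
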


Auditability and Compliance

All role assignments, permission changes, and user actions are logged and available through audit reports. This provides:

  • Full traceability of who performed what action and when

  • Evidence for internal audits and external compliance reviews

  • Support for regulated and trust-critical environments


Why User Roles and Access Management Matter

In certificate and trust management, unauthorized or accidental actions can have wide-reaching impact. Strong access controls help:

  • Protect CA and key material

  • Reduce operational risk and misconfiguration

  • Enforce governance and compliance requirements

  • Support secure collaboration across teams


Access Management as a Trust Control

In CertiNext, user roles and access management are treated as a core trust control, not just an administrative feature. By combining granular permissions, custom roles, approval workflows, and auditability, CertiNext enables organizations to manage certificates and cryptographic assets securely, responsibly, and at enterprise scale.
