Group Management

Groups in CertiNext provide a structured way to organize users, certificate requests, and financial controls within a single account. They act as logical boundaries that allow enterprises to delegate certificate operations to teams, projects, or business units while maintaining centralized governance, visibility, and control.

Groups are a core construct for scaling certificate management across large or distributed organizations.

Purpose of Groups

Groups are used to:

• Segment certificate operations by team, application, project, or environment

• Control which users can request and manage certificates

• Restrict access to specific products, organizations, and domains

• Apply financial controls and spending limits

• Route renewal and lifecycle notifications to the right stakeholders

This enables controlled decentralization without compromising security or compliance.

Group Information

When creating a group, administrators define basic identifying information:

• Group Name – A unique name representing the team or purpose

• Short Description – Optional context for administrators and auditors

• Logo – Optional visual identifier for easier recognition

This information helps maintain clarity and traceability across groups.

User Access Control

Groups can be configured to allow:

• All users to access the group, or

• Only specific users, explicitly assigned by administrators

Restricting group access ensures that only authorized users can request or manage certificates within that group’s scope.

Certificate Request Scope

Groups define what certificates users within the group are allowed to request:

• Products Allow access to all certificate products or restrict to specific ones.

• Organizations Control which validated organizations can be used for certificate issuance.

• Domains Limit certificate requests to approved domains only.

These controls prevent accidental or unauthorized certificate issuance outside approved boundaries.

Financial Controls

Groups support flexible financial handling for certificate issuance:

• Account-Level Billing Certificate costs are deducted from the central account balance.

• Group-Level Billing Certificate costs are deducted from a group-specific balance.

Additional controls include:

• Auto Approval – Automatically approve certificate requests for the group

• Spend Limits – Enforce spending caps to control costs and prevent overruns

These features support cost allocation, budgeting, and internal chargeback models.

Notifications and Renewal Communication

Groups can be configured with dedicated:

• Certificate renewal notification email addresses

This ensures lifecycle alerts and reminders reach the appropriate operational teams responsible for the certificates managed under the group.

Governance and Auditability

All group configurations, access changes, certificate requests, and financial actions are logged and auditable. This provides:

• Clear accountability for certificate usage

• Transparency during audits and reviews

• Support for internal governance and compliance requirements

Why Groups Matter

Without groups, certificate management can quickly become difficult to govern as organizations scale. Groups help:

• Reduce operational risk

• Improve ownership and accountability

• Enable secure delegation

• Maintain centralized visibility

Groups as an Operational Boundary

In CertiNext, groups function as operational and governance boundaries. They allow organizations to scale certificate operations safely by combining role-based access, scoped certificate requests, financial controls, and auditability—ensuring trust operations remain secure, controlled, and efficient at enterprise scale.