Application-Key Signoff Tasks for Key Manager Administrators
This section provides instructions for application-key signoff tasks that are to be performed by Key Manager administrators.
When performing application-key signoff, the high-level tasks for Key Manager administrators consist of the following:
-
Create applications and application roles (Creating Application Roles and Managing Applications).
-
Assign application owners to applications. Define application delegations to determine what actions an application owner is allowed to perform (Setting Application Owners and Delegations).
-
Define policies for each application, such as validity periods for signoff decisions (action requests), and the number of approvals required for executing various types of requests (Defining Application Policies).
-
Assign user keys to application owners for review. This is done by assigning user keys under applications, which allows the application owners of those applications to review and submit requests for the keys (Associating Keys To Applications).
-
Define and validate policy rules within the managed environment. Application owners will be able to see which of their application keys violate your policies. You can also provide recommended actions for keys that break certain policies (Defining Policy Rules).
-
Accept or deny requests that need Key Manager administrator approval (Managing Requests).
Table 5.1. Application-key signoff task flow
| Key Manager Admin | Application Owner |
|---|---|
| Create applications. | |
| Assign application owners to applications. | |
| Associate user keys to the application. | Review user keys belonging to owned applications (application keys). |
| Submit key requests for application keys. | |
| Accept or deny submitted key requests. | |
| Accept or deny submitted key requests. |