The Access section is where you configure who can authenticate to Signum and what they can do once they are in.
It has two parts that work together: Domains define how users authenticate (via SAML, OAuth2, local credentials, or a client certificate). Roles define what authenticated users can see and do in the Admin Web Console. A user needs both a Domain to log in through and a Role to have any permissions once inside.
Signing users do not need a Role. A user who only needs to sign files using a Signum Agent does not need a Role assigned. Roles are only required for users who access the Admin Web Console. Signing access is controlled entirely by Policies.
In this section
Domains: Configure authentication methods for your users. Supported types are SAML2, OAuth2, Local Users (username and password), and Certificate Users. Multiple domains can be active simultaneously to support different user populations: for example, SAML for developers logging in interactively and Certificate Users for unattended build agents.
Roles: Define granular permissions for Admin Web Console access, including which certificates, policies, domains, and events a user can view or modify. Roles are also scoped to specific certificate groups and domains, so different admin teams can be isolated from each other's resources.