Onboarding Custodians

Prerequisite

On-prem users need to configure the SMTP server for Custodian Management by clicking the link provided on the Getting Started with PKI+ Web page for instructions.

To onboard custodians:

  1. Go to (Menu) icon > PKI+ > Custodian Management.
  2. Enter the following fields:
    Table 1. Field Description for Custodian Management page
    Field Description
    *Quorum Value By default, the quorum value is configured to 51%. This value signifies the minimum number of approvals needed for tasks such as adding or removing custodians and approving the creation of a certificate authority (CA). For instance, if there are three custodians, the minimum approval required is rounded off to two. In case of six custodians, the minimum approval required is four.
    *Approval Link Validity By default, the approval link is valid for 30 minutes.

    Minimum value is 10 minutes while maximum value is 7 days.
    Note: Fields marked with red asterisk (*) are mandatory.
  3. Click Save.
  4. Add custodians by entering the following information:
    Table 2. Field Description for Custodian Management page
    Field Description
    *Username Select from the list of usernames.
    Important: SSO users must log in to AppViewX at least once for their names to appear in the dropdown list.
    *Email ID This field is auto-populated on selection of a username. This email address of the custodian is where the approval link and notification messages are sent.
    *First Name The first name of the custodian being added. If this is not auto-populated, then type the first name.
    Important: Custodian must have login access to AppViewX.
    *Last Name The last name of the custodian being added. If this is not auto-populated, then type the last name.
    Note: Fields marked with red asterisk (*) are mandatory.
  5. Click Add.
    Note: If the custodian being added is not part of the AppViewX users, then the following confirmation screen appears. Click Save and Continue to proceed as an SSO user.
    Important:
    • If any of the approvals is in the pending state, then no new actions on the CA or the Custodian Management pages are allowed until the current one is either approved, rejected, or aborted.
    • At least two custodians must be added to perform the M(N) approvals in PKI.
    Table 3. Action Status Description and Required Action
    Action Status Status Description Required Action
    Email Verification - Pending Approval Pending The custodian's email verification is pending approval and is not active.
    Note: If you want to abort the action, click Abort. Any workflow that is triggered and is in progress is killed from the Request page prior to triggering any further actions.
    		 The newly added custodian receives a notification email. Click the here hyperlink to be directed to the AppViewX login page. On successful login, users are directed to the approval page. Users can also approve the request by going to Menu > Requests > All requests.
    Tip: You can click the (Notification Center) on the top right-hand-corner of the page to verify the email address.
    Create - Approval Pending Approval Pending The custodian has been added but is awaiting approval from active custodians. Active custodians must click the here hyperlink in the email to be redirected to the AppViewX login page. On successful login, users are directed to the approval page. User can also approve the request by going to Menu > Requests > All requests.
    Tip: You can click the (Notification Center) on the top right-hand-corner of the page to add the custodian to the custodian group.
    Create - Approved Active The custodian has been approved and added successfully. -
    Email Verification - Rejected Inactive The custodian has been rejected. On rejecting a request, a confirmation popup window appears if the requester wants to submit the request. Click OK to resubmit.
  6. To add consecutive custodians, follow the aforesaid steps. Successful addition of custodians depends on the approval of active custodians per the quorum value set.
  7. [Optional] Click Audit Log against each custodian for more information about the request and the response count along with comments, if any, from other approvers. You can also download the audit log by clicking the Download button on the Audit Log view page and exporting it in the .xls format. Once the audit log is fully loaded, the Loading button will turn to View. Refresh the page to see the View button.