Skip to content

Create a Team

Teams let you group users under a shared authorization model in Certificate Manager - SaaS. When a Team is added as an Authorized Signer on a Project, every member of that Team automatically inherits permission to use the associated Signing Keys for signing.

Note

Teams are optional for users authenticated with API keys, but required for service account authentication.

Even if you are using only user API key authentication, Teams can simplify management when multiple developers need access to the same Signing Keys.

Why you might use a Team

A team is required when using service account authentication. Each service account requires an owning team, so if you're using service accounts, you have to have a team configured (though there are no requirements on how many members the team must have).

For user API key authentication, teams are not required, but they can be helpful when:

  • A group of developers all need access to the same Signing Key
  • You want signing permissions to update automatically as membership changes
  • You want to manage access centrally through your identity provider

How Teams work with Certificate Manager - SaaS

Team functionality exists entirely in Certificate Manager - SaaS. There is no Team configuration specific to Code Sign Manager - SaaS. Code Sign Manager simply uses the Team membership defined in the platform to determine who can sign.

Note

Team membership can be managed through SSO group claims, allowing your identity provider to automatically add or remove users based on group membership. This keeps signing permissions aligned with your organization’s access policies.

To learn how to create and manage Teams, see Managing Teams.

What's next

If you need to enable automated or machine-based signing, continue with Create a service account.

If you are setting up user-based signing only, proceed to Create a Code Sign Project.