About Workload Identity Manager teams¶

In Workload Identity Manager, the concept of teams is an extension of the teams feature in Certificate Manager - SaaS, so for details about the Teams feature, you should review the Teams documentation before you begin.

Workload Identity Manager uses teams in connection with service accounts. A service account has to belong to a team. The point of service accounts is to ensure the identities are valid regardless of team membership.

You create a team before you can create a service account.

The Teams inventory shows you a list of all Certificate Manager - SaaS (including Workload Identity Manager) teams created by members of your organization.

For Workload Identity Manager, we will focus on creating a new team. If you want more details, you can read the Certificate Manager - SaaS teams documentation.

Create a new team¶

1. Sign in to Venafi Control Plane.

2. Click Settings > Teams.

3. Click New and give the new Team a name.

4. Use the search box to select one or more team Owners who can manage the team.
5. Use the search box to select one or more team Members who can see the team and can, because of group membership, inherit the roles assigned to the team, then click Next.
6. Select a Role.
   • If this team is only for Workload Identity Manager, you can use any role.
   • If this team is for broader use in Certificate Manager - SaaS, review our documentation on roles.
7. (Optional) If your team uses SSO, you can specify membership rules to automatically organize your users into teams. Review Team membership rule operators for details on how to construct good rules.
8. Click Save.

What's next¶

Now that you have a team, you're ready to create a service account, which will allow the Workload Identity Manager server to authenticate to the Venafi Control Plane.