Manager and admin profiles in Woleet.ID Server
Woleet.ID Server is a back-office application dedicated to the management of identities involved in signing or sealing operations.
Woleet.ID Server has defined three access profiles:
With a manager or an administrator profile, you can connect to the Woleet.ID Server administration interface.
With a user profile, you can authenticate before signing with a key that is managed by Woleet.ID Server. In the Woleet.ID Server administration interface, users can only see their own identity information.
The manager guarantees the reliability of signature and seal creation by managing identity lifecycle and key security.
Creating new identities
The manager's primary role is to decide whether a new identity shall be created.
The manager shall determine whether the identity relates to a physical person (user identity) or to an organizational entity (seal identity). Please refer to this article for more details.
The manager shall then perform an identity check to establish a reliable identity. We provide recommendations for this critical step in this article.
After this check, the manager can create the identity in Woleet.ID Server. See this article to learn how to create an identity in Woleet.ID Server.
Managing identity lifecycle
The manager shall manage the identity lifecycle, which includes:
- Identity creation.
- Identity modification.
- Identity deletion.
The user is asked to declare any change in his/her identity, so that the identity information remains accurate. Should this occur, the manager performs the same verification as for identity creation.
For seal identities, the point of contact is also asked to declare any identity change.
The user can ask for identity deletion, in accordance with their GDPR rights.
If the signature or seal creation service is to stop, it is recommended to block the identity. Deleting a seal identity is not recommended as it hinders seal validation (read this article).
A cryptographic key pair is automatically created in Woleet.ID Server when an identity is created. This is the technical object that makes it possible to sign or seal data, and it is critical to ensuring the validity of signatures and seals.
The manager can perform certain actions on the key pair, essentially to manage its security:
- Key revocation: in case of a security incident compromising the key pair, it shall be revoked. This function is irreversible.
- Key blocking: this reversible function prevents use of the key pair until it is unblocked.
- Key expiration: it is recommended to set an expiration date to limit the risk of key compromise.
- Key deletion: signing and sealing are no longer possible. This also prevents validation of a seal (read this article to know why). This function shall be used carefully.
The administrator is in charge of installing and configuring Woleet.ID Server.
Technically, the administrator combines the rights of the manager with administration rights.
Managing API tokens
API tokens are a means of authentication that allows Woleet.ID Server to be integrated with other tools. For example, to create seals, ProofKeeper authenticates to Woleet.ID Server using an API token.
An API token is associated with an identity. API tokens can also be created for any identity.
The administrator can create API tokens via the administration interface.
After creation, the following actions are possible:
- Change the API token name.
- Block the API token to temporarily prevent access to Woleet.ID Server.
- Delete the API token.
Managing application settings
Woleet.ID Server is highly configurable via the administration interface.
You can notably configure:
- Default key parameters
- Server URLs
- Password creation settings and basic UI personalization
- OpenID Connect parameters
- Connection to ProofDesk for Teams
- SMTP service
Updated over 3 years ago