User's Guide: Getting Started with Fortanix Data Security Manager - UI

1.0 Introduction

This guide an overview of the initial steps to begin using Fortanix-Data-Security-Manager (DSM). It includes essential information for users to execute the following actions within Fortanix DSM:

• Signing Up

• Setting Up an Account

• Creating a Group

• Adding an Application and assigning it to a Group(s)

• Add Users and assigning them to a Group(s)

For more details on the concepts of the Fortanix DSM, refer to the Concepts documentation.

2.0 Signing Up

To get started with the Fortanix Data Security Manager (DSM) cloud service, you must register an account at <Your_DSM_Service_URL>. For example, https://eu.smartkey.io.

For detailed steps on how to set up the Fortanix DSM, refer to the User's Guide: Sign Up for Fortanix Data Security Manager SaaS documentation.

3.0 Setting Up an Account

Access the <Your_DSM_Service_URL> on the web browser and enter your credentials to log in to the Fortanix DSM.

Within this interface, you have the option to either create a new account or respond to an invitation to join an existing account. If you have a newly created account, perform the following steps to add your first group and an application in the Fortanix DSM. For more information, refer to Section 4.0: Creating a Group.

NOTE

Fortanix DSM now allows you to create an account replication setup, enabling you to periodically replicate the data from a source account to a destination account for backup, migration, or failover purposes. For detailed information on how to set up account replication, refer to the User's Guide: Account Replication.

After entering an account, you will see the DSM Home page, that provides a comprehensive overview of your system. A section of this page displays cards detailing the count of Groups, Apps, Security Objects, Users, and Plugins within the account.

You can also navigate to the DSM Dashboard where the top section highlights the most active apps, in terms of activity and the number of operations they perform, and so on.

The Fortanix DSM UI now includes a Solutions drop down at the top-navigation bar. This menu provides easy navigation to the following other Fortanix products and solutions:

• Key Insight

• Identity & Access Management

Clicking any of the options in the Solutions drop down menu will redirect you to the Fortanix Armor login page. If you are already logged in, you are redirected to the Fortanix Armor Solutions page. For more information on Fortanix Armor, refer to the Fortanix Armor documentation.

NOTE

Clicking Key Insight or Identity & Access Management does not authenticate you to Fortanix DSM. For more information about Fortanix Armor, contact the Fortanix Support team.

To know the steps for deleting or disabling a DSM account, refer to the the FAQs - Fortanix Data Security Manager UI documentation.

4.0 Creating a Group

Perform the following steps to create the first group in the Fortanix DSM:

1. Click the Groups menu item in the DSM left navigation bar and click the + button to add a new group.

   

2. On the Adding new group page, enter the following details:

   • Title: Enter a title for your group.

   • Description (Optional): Enter a short description for the group.

   • Add Group Quorum Policy: Specify the quorum policy for the group. This setting determines the number of approvals required for security-sensitive operations within the group. Adjust this policy based on your security requirements. For detailed information, refer to User's Guide: Group Quorum Policy documentation.

   • Configure as HSM/External KMS group: Select this option to configure the group as an HSM (Hardware Security Module) or External Key Management Service (KMS) group. This is relevant if you intend to use external devices or services for key management. For more information, refer to the User's Guide: HSM Gateway documentation.

   • Configure a KEK from an existing group: Select this option to configure a Key Encryption Key (KEK) for the group using an existing group as a reference. This is useful when establishing cryptographic mechanisms within the group. For more information, refer to the User's Guide: Group Key Encryption Key documentation.

3. Click the SAVE button to create a new group.

The new group is added to the Fortanix DSM successfully.

NOTE

When you update the group name from the group's detailed view, its UUID remains unchanged.

For information on Server-Side Table Processing (SSTP) on groups, refer to the Definitions guide.

5.0 Fortanix DSM Application

An application within Fortanix DSM leverages the platform for generating, storing, and utilizing security objects such as cryptographic keys, certificates, or arbitrary secrets. Examples of such applications encompass web servers, Public Key Infrastructure (PKI) servers, key vaults, and others. The application can interact with Fortanix DSM through different interfaces, such as the Representational State Transfer (REST) APIs or employing the Public-Key Cryptography Standards (PKCS)#11, Java Cryptography Extension (JCE), or Cryptography API: Next Generation (CNG) providers.Top of Form

5.1 Adding an Application

Perform the following steps to create the first application in the Fortanix DSM:

1. Click the Apps menu item in the DSM left navigation bar and click the + button to add a new group.

   

2. On the Adding new app page, enter the following details:

   • App Name: Enter the name of your application.

   • Interface (Optional): Select the required interface type from the drop down menu, such as REST API, PKCS#11, JCE, CNG, and KMIP.

   • ADD DESCRIPTION (Optional): Enter a short description for the application.

   • Authentication Method: Select the required method of authentication from the list of options available on the UI. For more information on these authentication methods, refer to User's Guide: Authentication documentation.

     • Set app secret key size: Select the required size of the application secret key in bytes from the drop down menu.

   • OAuth: Enable OAuth to authorize the application to perform crypto and key management operations on behalf of the User in groups that the User has administrator role.

   • Assigning the new app to groups: Select one or more group names from the drop down menu to associate this application with that group(s).

3. Click the Save button to add the new application.

The new application is added to the Fortanix DSM successfully.

For information on Server-Side Table Processing (SSTP) on apps, refer to the Definitions guide.

5.2 Mapping Group to an Application

To associate a new or existing application to a particular group, you can select either of the following methods:

• Method 1 - Using the Apps menu item.

• Method 2 - Using the NEW APP button.

• Method 3 - Using the ADD APP button.

5.2.1 Method 1 - Using the Apps Menu Item

Perform the following steps:

1. Navigate to Apps menu and select the required application from the list.

2. On the detailed view of the required application, locate the Groups section and click the EDIT GROUPS button.

   

3. On the Group Association dialog box, select an existing group from the drop down menu or click the CREATE NEW GROUP option to add a new group.

4. Click the SAVE CHANGES button to save the updates to the application.

5.2.2 Method 2 - Using the NEW APP Button

Perform the following steps:

1. Navigate to Groups menu tab and select the required group from the list.

2. In the Info tab, click the NEW APP button.

   

   This will redirect you the Adding new apps page. For more information, refer to Section 5.1: Adding an Application.

   NOTE

   In the Assigning the new app to groups section, the group is already assigned. Click the EDIT GROUPS button to add more groups to the application.

3. Click the SAVE button to keep the changes.

5.2.3 Method 3 - Using the ADD APP Button

Perform the following steps:

1. Navigate to Groups menu tab and select the required group from the list.

2. In the detailed view of the group, under the APPS tab, click the ADD APP button.

   

3. In the Search for apps to add dialog box, select one or more existing applications to associate with that group.

4. Click the SAVE CHANGES button to keep the changes.

5.3 Deleting the Application

To remove an application, you can select either of the following methods:

• Method 1 – Using the Apps menu item.

• Method 2 – Using the Groups menu item.

5.3.1 Method 1 – Using the Apps Menu Item

Perform the followings steps to delete an application using the Apps menu item:

1. Navigate to Apps menu tab and select the required application from the list.

2. On the detailed view of the required application, scroll to the end of the page and click the DELETE APP button.

   

3. On the Delete App dialog box, click the DELETE button to confirm the action.

5.3.2 Method 2 - Using the Groups Menu Item

Perform the followings steps to delete an application using the Group menu item:

1. Navigate to Groups menu tab and select the required group from the list.

2. In the Apps tab, click the overflow menu (three dots) for an Application row and select the DELETE option to remove the application.

   

3. On the Remove App dialog box, click the REMOVE button to confirm the action.

6.0 Fortanix DSM Users

A user who creates a group automatically gets assigned the role of the group administrator. You can add more Users to a group in the role of administrators, auditors, or members. These roles may be assigned at either the account or group level. For detailed information, refer to the Authorization documentation.

6.1 Adding a User

For detailed information on how to invite a user, create a new user or delete the user, refer to the User's Guide: Inviting a User to Fortanix Data Security Manager documentation.

6.2 Mapping Group to User

To associate a new or existing user to a particular group, you can select either of the following methods:

• Method 1 - Using the Users menu item.

• Method 2 - Using the NEW USER button.

• Method 3 - Using the ADD USER button.

6.2.1 Method 1 - Using the Users Menu Item

1. Navigate to Users menu and select the required user from the list.

2. On the detailed view of the required user, locate the Groups section and click the EDIT GROUPS button.

   NOTE

   If the user is an Account Administrator or Account Auditor, then they are automatically assigned to all groups as Group Administrator or Group Auditor respectively.

   

3. In the Manage group for user dialog box, select an existing group from the drop down menu or click the CREATE NEW GROUP option to add a new group. Edit the permission of the user for the group if required.

4. Click the SAVE CHANGES button to save the updates.

6.2.2 Method 2 - Using the NEW USER Button

Perform the following steps:

1. Navigate to Groups menu tab and select the required group from the list.

2. In the Info tab, click the NEW USER button.

   

   This will redirect you the Adding new users to the account page. For more information, refer to Section 6.1: Adding a User.

3. Click the SAVE button to keep the changes.

6.2.3 Method 3 - Using the ADD USER Button

Perform the following steps:

1. Navigate to Groups menu tab and select the required group from the list.

2. In the USERS tab, click the ADD USERS button.

   

3. In the Search for users to add dialog box, select one or more existing users to associate with that group. Edit the permission of the user for the group if required.

   NOTE

   The Search for users to add to dialog box only displays users who are account members.

4. Click the SAVE CHANGES button to complete associating users to a group.

6.3 Deleting the User

Perform the followings steps to delete a user:

1. Navigate to Users menu tab and select the required user from the list.

2. On the detailed view of the required application, scroll to the end of the page and click the DELETE USER button.

   

   NOTE

   Alternatively, you can click the overflow menu (three dots) for a User row and select the DELETE option to remove the user.

   

3. On the Delete User dialog box, click the DELETE button to confirm the action.