User's Guide: Getting Started with Fortanix Data Security Manager - UI

Prev Next

1.0 Introduction

This article provides an overview of the initial steps to begin using Fortanix-Data-Security-Manager (DSM). It includes essential information for users to execute the following actions within Fortanix DSM:

  • Signing Up

  • Setting Up an Account

  • Creating a Group

  • Adding an Application (app) and assigning it to a Group(s)

  • Add Users and assigning them to a Group(s)

For more details on Fortanix DSM concepts, refer to Concepts.

2.0 Signing Up

To get started with the Fortanix DSM cloud service, you must register an account at <Your_DSM_Service_URL>. For example, https://eu.smartkey.io.

For detailed steps on setting up Fortanix DSM, refer to User's Guide: Sign Up for Fortanix Data Security Manager SaaS.

3.0 Setting Up an Account

Access the <Your_DSM_Service_URL> on the web browser and enter your credentials to log in to the Fortanix DSM.

Figure 1: Logging in

Within this interface, you can either create a new account or respond to an invitation to join an existing one. If you have created a new account, perform the following steps to add your first group and an application in the Fortanix DSM. For more information, refer to Section 4.0: Creating a Group.

Figure 2: Create or use existing account

NOTE

Fortanix DSM now allows you to create an account replication setup, enabling you to periodically replicate the data from a source account to a destination account for backup, migration, or failover purposes. For detailed information on how to set up account replication, refer to User's Guide: Account Replication.

After entering an account, you will see the DSM Home page, that provides a comprehensive overview of your system. A section of this page displays cards detailing the count of Groups, Apps, Security Objects, Users, and Plugins within the account.

Figure 3: Home view

You can also navigate to the DSM Dashboard where the top section highlights the most active apps based on their activity level, number of operations performed, and other metrics.

Figure 4: Dashboard view

The Fortanix DSM user interface (UI) now includes a Solutions drop down at the top-navigation bar. This menu provides easy navigation to the following other Fortanix products and solutions:

  • Key Insight

  • Identity & Access Management

Clicking any of the options in the Solutions drop down menu will redirect you to the Fortanix Armor login page. If you are already logged in, you will be redirected to the Fortanix Armor Solutions page. For more information on Fortanix Armor, refer to Fortanix Armor.

NOTE

  • The Solutions menu in the top-navigation bar of Fortanix DSM UI is only visible in Fortanix DSM SaaS.

  • Clicking Key Insight or Identity & Access Management does not authenticate you to Fortanix DSM. For more information about Fortanix Armor, contact the Fortanix Support team.

Figure 5: Solutions menu

To know the steps for deleting or disabling a Fortanix DSM account, refer to FAQs - Fortanix Data Security Manager UI.

4.0 Creating a Group

Perform the following steps to create the first group in the Fortanix DSM:

  1. Click the Groups menu item in the DSM left navigation panel and click + to add a new group.

    Figure 6: Add groups

  2. In the Adding new group page, enter the following details:

    • Title: Enter a title for your group.

    • Description: Enter a short description for the group (optional).

    • Add Group Quorum Policy: Specify the Quorum approval policy for the group. This setting determines the number of approvals required for security-sensitive operations within the group. Adjust this policy based on your security requirements. For detailed information, refer to User's Guide: Group Quorum Policy.

    • Configure as HSM/External KMS group: Select this option to configure the group as an HSM (Hardware Security Module) or External Key Management Service (KMS) group. This is relevant if you intend to use external devices or services for key management. For more information, refer to User's Guide: HSM Gateway.

    • Configure a KEK from an existing group: Select this option to configure a Key Encryption Key (KEK) for the group using an existing group as a reference. This is useful when establishing cryptographic mechanisms within the group. For more information, refer to User's Guide: Group Key Encryption Key.

  3. Click SAVE to create the new group.

The new group is added to the Fortanix DSM successfully.

NOTE

When you update the group name from the group's detailed view, its UUID remains unchanged.

For information on Server-Side Table Processing (SSTP) on groups, refer to Definitions.

5.0 Creating an Application

An app within Fortanix DSM leverages the platform for generating, storing, and utilizing security objects such as cryptographic keys, certificates, or arbitrary secrets. Examples of such applications encompass web servers, Public Key Infrastructure (PKI) servers, key vaults, and others. The application can interact with Fortanix DSM through various interfaces, such as the Representational State Transfer (REST) APIs or by employing the Public-Key Cryptography Standards (PKCS)#11, Java Cryptography Extension (JCE), or Cryptography API: Next Generation (CNG) providers.

Perform the following steps to create the first application in the Fortanix DSM:

  1. Click the Apps menu item in the DSM left navigation panel and click + to add a new group.

    Figure 7: Add application

  2. In the Adding new app page, enter the following details:

    • App Name: Enter the name of your application.

    • Interface (Optional): Select the required interface type from the drop down menu, such as REST API, PKCS#11, JCE, CNG, and KMIP.

    • ADD DESCRIPTION: Enter a short description for the application (optional).

    • Authentication Method: Select the required authentication method from the available options on the UI. For more information on these authentication methods, refer to User's Guide: Authentication.

      • Set app secret key size: Select the required size of the application secret key (in bytes) from the drop down menu.

    • OAuth: Enable OAuth to authorize the application to perform crypto and key management operations on behalf of the User in groups that the User has administrator role.

    • Assigning the new app to groups: Select one or more group names from the drop down menu to associate this application with that group(s).

  3. Click SAVE to add the new application.

The new application is added to the Fortanix DSM successfully.

For information on Server-Side Table Processing (SSTP) on apps, refer to Definitions.

5.1 Mapping Group to an Application

To associate a new or existing application with a particular group, you can use one of the following methods:

  • Method 1 - Using the Apps menu item.

  • Method 2 - Using the NEW APP button.

  • Method 3 - Using the ADD APP button.

5.1.1 Method 1 - Using the Apps Menu Item

Perform the following steps:

  1. Click the Apps menu item in the DSM left navigation panel and select the required application from the list.

  2. In the application’s detailed view, locate the Groups section and click EDIT GROUPS.

    Figure 8: Edit group for application

  3. In the Group Association dialog box, select an existing group from the drop down menu or click CREATE NEW GROUP to add a new group.

  4. Click SAVE CHANGES to apply the updates.

5.1.2 Method 2 - Using the NEW APP Button

Perform the following steps:

  1. Click the Groups menu item in the DSM left navigation panel and select the required group from the list.

  2. In the Info tab, click NEW APP.

    Figure 9: Add application to group

    This will redirect you the Adding new apps page. For more information, refer to Section 5.0: Creating an Application.

    NOTE

    In the Assigning the new app to groups section, the group is already assigned. Click EDIT GROUPS to add more groups to the application.

  3. Click SAVE to apply the updates.

5.1.3 Method 3 - Using the ADD APP Button

Perform the following steps:

  1. Click the Groups menu item in the DSM left navigation panel and select the required group from the list.

  2. In the group’s detailed view, under the APPS tab, click ADD APP.

    Figure 10: Add application to apps tab

  3. In the Search for apps to add dialog box, select one or more existing applications to associate with that group.

  4. Click SAVE CHANGES to apply the updates.

5.2 Deleting the Application

To delete an application, you can use one of the following methods:

  • Method 1 – Using the Apps menu item.

  • Method 2 – Using the Groups menu item.

5.2.1 Method 1 – Using the Apps Menu Item

Perform the followings steps to delete an application using the Apps menu item:

  1. Click the Apps menu item in the DSM left navigation panel and select the required application from the list.

  2. In the application’s detailed view, scroll to the end of the page and click DELETE APP.

    Figure 11: Delete app button

  3. In the Delete App dialog box, click DELETE to confirm the action.

5.2.2 Method 2 - Using the Groups Menu Item

Perform the followings steps to delete an application using the Groups menu item:

  1. Click the Groups menu item in the DSM left navigation panel and select the required group from the list.

  2. In the Apps tab, click the overflow menu next to the application you want to delete and select DELETE.

    Figure 12: Delete option

  3. In the Delete App dialog box, click DELETE to confirm the action.

6.0 Adding Users

A user who creates a group automatically gets assigned the role of Group Administrator. You can add additional users to a group with the roles of Administrator, Auditor, or Member. These roles can be assigned at either the account or group level. For detailed information, refer to Authorization.

For detailed information on how to invite a user, create a new user or delete the user, refer to User's Guide: Inviting a User to Fortanix Data Security Manager.

6.1 Mapping Group to User

To associate a new or existing user to a particular group, you can use one of the following methods:

  • Method 1 - Using the Users menu item.

  • Method 2 - Using the NEW USER button.

  • Method 3 - Using the ADD USER button.

6.1.1 Method 1 - Using the Users Menu Item

NOTE

You can modify the groups for a user only if the invitation is in pending state and the user is an Account Member.

Perform the following steps:

  1. Click the Users menu item in the DSM left navigation panel and select the required user from the list.

  2. In the user’s detailed view, locate the Groups section and click EDIT GROUPS.

    NOTE

    If the user is an Account Administrator or Account Auditor, they are automatically assigned to all groups as Group Administrator or Group Auditor, respectively.

    Figure 13: Edit groups for new user

  3. In the Manage group for user dialog box, select an existing group from the drop down menu or click the CREATE NEW GROUP option to add a new group. Edit the permission of the user for the group if required.

  4. Click SAVE CHANGES to apply the updates.

6.1.2 Method 2 - Using the NEW USER Button

Perform the following steps:

  1. Click the Groups menu item in the DSM left navigation panel and select the required group from the list.

  2. In the Info tab, click NEW USER.

    Figure 14: Add user to group

    This will redirect you the Adding new users to the account page. For more information, refer to Section 6.0: Adding Users.

  3. Click SAVE to apply the updates.

6.1.3 Method 3 - Using the ADD USER Button

Perform the following steps:

  1. Click the Groups menu item in the DSM left navigation panel and select the required group from the list.

  2. In the USERS tab, click ADD USERS.

    Figure 15: Add user to users tab

  3. In the Search for users to add dialog box, select one or more existing users to associate with the group. Edit the user’s permission for the group if required.

    NOTE

    The Search for users to add to dialog box only displays users who are account members.

  4. Click SAVE CHANGES to complete associating users to a group.

6.2 Deleting the User

Perform the followings steps to delete a user:

  1. Click the Users menu item in the DSM left navigation panel and select the required user from the list.

  2. In the user’s detailed view, scroll to the end of the page and click DELETE USER.

    Figure 16: Delete user button

    NOTE

    Alternatively, you can click the overflow menu next to the user you want to delete and select DELETE.

    Figure 17: Delete option

  3. In the Delete User dialog box, click DELETE to confirm the action.