1.0 Introduction
This article describes the Quorum approval policy settings available in the System Administration account and how they are configured by a Fortanix-Data-Security-Manager (DSM) system administrator.
The Quorum approval policy adds an additional layer of control and protection to sensitive operations performed within the System Administration account. When configured, a defined minimum number of quorum approvers must approve a sensitive operation before it can be executed.
A Quorum approver is a system administrator designated to review and approve Quorum requests.
2.0 System Administration Quorum Policy
This policy defines the Quorum approvers and the minimum number of approvals required before a Secure Node Join request can be approved.
In the DSM user interface (UI), navigate to System Administration → Settings → QUORUM POLICY tab.
.png?sv=2026-02-06&spr=https&st=2026-06-26T22%3A06%3A38Z&se=2026-06-26T22%3A21%3A38Z&sr=c&sp=r&sig=4a7ORmyc%2BBXgXdOhfypcXXTm4ZbQfd59UKex6J4Yirk%3D)
Figure 1: Account level quorum policy
The Quorum approval policy page displays the current configuration for the System Administration account. It contains the following sections:
System Administration Quorum Policy: Defines the Quorum approvers and the minimum number of approvals required for Secure Node Join requests.
Operations that require Quorum approval: Specifies which operations within the System Administration account require Quorum approval.
.png?sv=2026-02-06&spr=https&st=2026-06-26T22%3A06%3A38Z&se=2026-06-26T22%3A21%3A38Z&sr=c&sp=r&sig=4a7ORmyc%2BBXgXdOhfypcXXTm4ZbQfd59UKex6J4Yirk%3D)
Figure 2: Detailed form
3.0 Create a System Administration Quorum Policy
Perform the following steps to create a System Administration Quorum approval policy:
In the Sensitive operations within the account require approval from section, enter the minimum number of approvals required in the # field.
In the choose people field, search for and select the system administrator users who will serve as Quorum approvers. Selected users appear as removable tags.
NOTE
Only active system administrator users are available for selection.
Click ADVANCED to define multiple quorum approval rules using AND or OR logic (optional):
AND: All rules must be satisfied for the operation to be approved.
OR: Any one rule, if satisfied, is sufficient for quorum approval.
Additionally, there are two optional check boxes:
Using second factor security key is required to approve requests: Select this option to require Quorum approvers to authenticate using a second-factor security key when approving requests.
Profile password re-entry is required to approve request: Select this option to require Quorum approvers to re-enter their password when approving requests.
In the Operations that require Quorum approval section, select the operations that should generate a quorum approval request:
Update cluster: Automatically enabled when Secure node join is selected and cannot be enabled or disabled independently. This ensures that any updates to the Quorum approval policy configuration, such as creating, modifying, or deleting the policy also require quorum approval before taking effect.
Secure node join: When selected, requires quorum approval before a new node is permitted to join the cluster. Selecting this option automatically enables Update cluster. For more information, refer to Secure Node Join (on-prem only).
If you enabled ADVANCED settings, select either any or all to determine whether any rule or all rules must be satisfied to achieve quorum.
Click SAVE POLICY.
NOTE
After saving any changes to the Quorum Policy settings, a rolling restart of the backend containers must be performed for the configuration to take effect. Until the restart is complete, a warning indicator (âš ) appears next to the tab name in the Settings menu, indicating that there are pending changes.
Alternatively, you can revert the configuration change before the cluster restart begins, click CANCEL CHANGE in the Pending changes banner. In the Cancel changes dialog box, click DELETE to confirm and restore the previous configuration, or click CANCEL to return without making any changes.
The Quorum policy dialog box displays the policy summary. Review the configuration and click SAVE to apply the policy.
NOTE
This setting is applicable only to clusters where Secure Node Join is enabled with DCAP attestation.
4.0 Update System Administration Quorum Policy
Perform the following steps to update the System Administration Quorum approval policy:
On the Quorum approval policy page, click EDIT POLICY.
Update the policy settings as required.
Click SAVE POLICY to apply the changes.
The Quorum policy dialog box displays the policy summary. Review the configuration and click SAVE to apply the policy.
NOTE
Any changes to this configuration, such as adding or removing Quorum approvers or modifying the minimum approval count, require quorum approval before taking effect.
After saving any changes to the Quorum Policy settings, a rolling restart of the backend containers must be performed for the configuration to take effect. Until the restart is complete, a warning indicator (âš ) appears next to the tab name in the Settings menu, indicating that there are pending changes.
Alternatively, you can revert the configuration change before the cluster restart begins, click CANCEL CHANGE in the Pending changes banner. In the Cancel changes dialog box, click DELETE to confirm and restore the previous configuration, or click CANCEL to return without making any changes.
5.0 Delete System Administration Quorum Policy
Perform the following steps to delete the System Administration Quorum approval policy:
On the Quorum approval policy page, click EDIT POLICY.
Scroll to the bottom of the page and click DELETE POLICY.
In the Delete Policy confirmation dialog box, click DELETE.
NOTE
Deleting a Quorum approval policy is a sensitive operation and will automatically generate a quorum approval request that must be approved before the policy is removed.
After saving any changes to the Quorum Policy settings, a rolling restart of the backend containers must be performed for the configuration to take effect. Until the restart is complete, a warning indicator (âš ) appears next to the tab name in the Settings menu, indicating that there are pending changes.
Alternatively, you can revert the configuration change before the cluster restart begins, click CANCEL CHANGE in the Pending changes banner. In the Cancel changes dialog box, click DELETE to confirm and restore the previous configuration, or click CANCEL to return without making any changes.
6.0 Quorum Approval Requests
When an operation that requires quorum approval is performed, an approval request is automatically generated and sent to all configured Quorum approvers.
Quorum approvers can view and act on pending requests under System Administration → Tasks → PENDING tab.
PENDING: Requests awaiting the required number of approvals
COMPLETED: Requests for which quorum was achieved and the operation was completed.
FAILED: Requests that were declined or expired before quorum was achieved.
The approval request expiration period is configured under System Administration → Settings → POLICIES → Quorum approval. By default, approval requests expire after 90 days.