Bosch IoT Rollouts

S&E Approval flow for signing tasks

Signing is a sensitive operation which can additionally be protected by enforcing a four-eyes principle. With that, a signing task requires approval by another person holding the respective role before it is executed. In addition, the approver can be required to authenticate using multi-factor authentication. This feature is enabled and configured per tenant; once set, all signing tasks of that tenant must adhere to the configured policy. Multi-factor authentication is currently supported only via the UI, which means that where it is required, the approval has to be given via the UI rather than via the API.

Scenarios

| Four-eyes principle | Multi-factor authentication | Description | Example |
| --- | --- | --- | --- |
| No | No | Signing tasks can be approved by the same user who triggered them. | A signing task is triggered by a client via the API from a CI/CD pipeline, and the same client approves via the API to start the execution. |
| Yes | No | Signing tasks require approval from another user. The approver does not need multi-factor authentication. | A signing task is triggered by a developer via the UI and the product owner approves, both on the QA stage. |
| Yes | Yes | Signing tasks require approval from another user, who must authenticate using multi-factor authentication. | During a release, the release engineer triggers a signing task and the product owner approves using multi-factor authentication, giving maximum protection against misuse of productive signing keys. |
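The following is an added example, not code from Bosch IoT Rollouts, that implements the three policy combinations above as a single decision function. It assumes a tenant policy with two switches (`four_eyes`, `mfa_required`), an approver role named `signing-approver`, and that a principal's session records whether it came in via the UI or the API and whether it is MFA-authenticated; these names and fields are assumptions for illustration, not the product's API. The point it makes beyond the table: the checks are ordered so that self-approval is rejected before MFA is even considered, and an MFA-backed approval cannot be satisfied via the API because MFA is only supported via the UI.

```python
"""Approval decision for signing tasks under a per-tenant policy (added example)."""
from dataclasses import dataclass
from enum import Enum
from typing import Tuple


class Channel(Enum):
    """How the approver is talking to the service."""
    UI = "ui"
    API = "api"


@dataclass(frozen=True)
class TenantPolicy:
    """Per-tenant approval policy; field names are assumed for this example."""
    four_eyes: bool     # a second person with the approver role must approve
    mfa_required: bool  # that approver must be MFA-authenticated


@dataclass(frozen=True)
class Principal:
    """Authenticated identity performing a request (assumed shape)."""
    user_id: str
    roles: frozenset
    channel: Channel
    mfa_authenticated: bool = False


@dataclass(frozen=True)
class SigningTask:
    task_id: str
    requester: Principal


# Assumed role name; the page only says "the respective role".
APPROVER_ROLE = "signing-approver"


def evaluate_approval(policy: TenantPolicy, task: SigningTask,
                      approver: Principal) -> Tuple[bool, str]:
    """Decide whether `approver` may release `task` for execution under `policy`.

    Returns (allowed, reason). The role check always applies; the remaining
    checks are only reached when four-eyes is enforced, and the MFA check
    only when the policy demands it.
    """
    if APPROVER_ROLE not in approver.roles:
        return False, "approver lacks the approver role"
    if not policy.four_eyes:
        # First row of the table: requester and approver may be the same identity.
        return True, "four-eyes not enforced; self-approval permitted"
    if approver.user_id == task.requester.user_id:
        return False, "four-eyes: requester may not approve own task"
    if policy.mfa_required:
        # MFA is only supported via the UI, so an API approval can never satisfy it.
        if approver.channel is not Channel.UI:
            return False, "MFA-backed approval is only possible via the UI"
        if not approver.mfa_authenticated:
            return False, "approver session is not MFA-authenticated"
    return True, "approved"


# Constructed sample identities matching the three scenarios on the page.
CI_CLIENT = Principal("ci-pipeline", frozenset({"signing-requester", APPROVER_ROLE}), Channel.API)
DEVELOPER = Principal("dev-1", frozenset({"signing-requester"}), Channel.UI)
DEVELOPER_WITH_APPROVER_ROLE = Principal("dev-1", frozenset({"signing-requester", APPROVER_ROLE}), Channel.UI)
PRODUCT_OWNER = Principal("po-1", frozenset({APPROVER_ROLE}), Channel.UI)
PRODUCT_OWNER_MFA = Principal("po-1", frozenset({APPROVER_ROLE}), Channel.UI, mfa_authenticated=True)
PRODUCT_OWNER_API = Principal("po-1", frozenset({APPROVER_ROLE}), Channel.API, mfa_authenticated=True)
RELEASE_ENGINEER = Principal("rel-1", frozenset({"signing-requester"}), Channel.UI)


def scenario_matrix() -> dict:
    """Run the page's three scenarios plus the rejections each policy produces."""
    no_checks = TenantPolicy(four_eyes=False, mfa_required=False)
    four_eyes = TenantPolicy(four_eyes=True, mfa_required=False)
    four_eyes_mfa = TenantPolicy(four_eyes=True, mfa_required=True)
    ci_task = SigningTask("t-1", CI_CLIENT)
    qa_task = SigningTask("t-2", DEVELOPER)
    release_task = SigningTask("t-3", RELEASE_ENGINEER)
    return {
        "ci_self_approval": evaluate_approval(no_checks, ci_task, CI_CLIENT)[0],
        "qa_po_approves": evaluate_approval(four_eyes, qa_task, PRODUCT_OWNER)[0],
        "qa_dev_self_approval": evaluate_approval(four_eyes, qa_task, DEVELOPER_WITH_APPROVER_ROLE)[0],
        "release_po_mfa_ui": evaluate_approval(four_eyes_mfa, release_task, PRODUCT_OWNER_MFA)[0],
        "release_po_no_mfa": evaluate_approval(four_eyes_mfa, release_task, PRODUCT_OWNER)[0],
        "release_po_via_api": evaluate_approval(four_eyes_mfa, release_task, PRODUCT_OWNER_API)[0],
    }


if __name__ == "__main__":
    for name, allowed in scenario_matrix().items():
        print(f"{name}: {'allowed' if allowed else 'rejected'}")
```

The self-approval check compares user identities, not sessions: a developer who also holds the approver role is still rejected under four-eyes, which is the property the principle is meant to guarantee. Note that the API-channel rejection in the MFA case fires even when the session claims to be MFA-authenticated, reflecting that the product only supports MFA via the UI.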