Merge pull request #274139 from microsoftshawarma/main

prmerger-automator[bot] · web-flow · commit bef29484107e · 2024-05-02T18:27:00.000Z
adding info on identity validation proper role assignment note
diff --git a/articles/trusted-signing/faq.yml b/articles/trusted-signing/faq.yml
@@ -52,7 +52,10 @@ sections:
           No. If you delete a certificate profile, any certificates that were previously issued or used under that profile will remain valid - they won't be revoked.
       - question: Does Trusted Signing allow me to use a custom CN? 
         answer: |
-          Per the CA/B Forum baseline requirements for publicly trusted code signing certs, CN values must be the legal entity's validated name (e.g. Microsoft Corporation) so there isn't much flexibility in CN values. 
+          Per the CA/B Forum baseline requirements for publicly trusted code signing certs, CN values must be the legal entity's validated name (e.g. Microsoft Corporation) so there isn't much flexibility in CN values. However, a `O` value allows for verified legal names, trade names, and DBAs (doing business as). For individuals, there are already requirements for verification of individuals in the baseline requirements that we meet.
+      - question: What do I do if the new identity validation button on the Azure portal is greyed out?
+        answer: |
+          This means you do not have the Identity Verifier role assigned to your account. Follow the [Assigning roles in Trusted Signing](https://learn.microsoft.com/azure/trusted-signing/tutorial-assign-roles) documentation to assign yourself the appropriate role. 
   - name: Signing
     questions:
       - question: What is Trusted Signing’s HSM compliance level?
diff --git a/articles/trusted-signing/quickstart.md b/articles/trusted-signing/quickstart.md
@@ -186,6 +186,9 @@ trustedsigning create -n MyAccount -l eastus -g MyResourceGroup --sku Premium
 
 You can complete your own Identity Validation by filing out the request form with the information that should be included in the certificate.  Identity Validation can only be completed in the Azure portal – it can't be completed with Azure CLI.
 
+> [!NOTE]
+> You will not be able to create an identity validation if you do not have the appropriate role assigned. If the "New identity" button is greyed out on the Azure portal ensure you have the "Trusted Signing Identity Verifier role" in order to proceed with identity validation. 
+
 Here are the steps to create an Identity Validation request:
 
 1. Navigate to your new Trusted Signing account in the Azure portal.
