Venafi 14.1 and above
In TPP, AD Distribution Groups can be assigned to any Contact field. Distribution groups cannot be used as an approver or be used to grant permissions if the group is not security enabled.
When we create workflow tickets, we assign rights to the group that is an approver. In order to assign rights, we require a Security Principle Name. Distribution groups that are not security enabled do not have a security principle name. That is why when we implemented the ability to make Distribution Groups as contacts in TPP, we didn’t allow that type for the approvers field.
Currently, We're not adding support for SMTP email addresses to be assigned.
The workaround of creating local accounts for SMTP email address contacts still applies. The new feature only applies to Contacts. You will still need AD Security Groups (or assign individual users) for Approvers and permissions because both of those require security principals.
Q: What if we have a Distribution Group that is a part of a Security group? Will members of that group inherit permissions assigned to the Security group?
A: No it will not. To grant permissions, there is no work around other than to make the members part of a security group.