The Identity and Access delegation for the parent and child accounts feature allows you to configure access you want to provide to users coming from the parent account.

Terminology

In the context of the parent and child relationship, you need to be familiar with the following terms.

• Parent account. A company account of your Akamai partner.
• Child account. Your, end customer’s, account.
• Child account admins. Users of your account with the account_admin role. They manage access levels for all users on the account, including delegate users.
• Non-admin child account users. Users of your account without the account_admin role. Their access level is managed by a child account administrator.
• User type. On the child account UI, in the Users tab, there are currently two user types available:
  • User. A native user of your account.
  • Delegate Users. Users from the parent account delegated by a parent account administrator on the parent account to have access to your, child, account. Their role assignment is configured on the child account by the child account administrator. You can monitor delegate users’ actions on your account as all actions are logged as events. To learn more see Manage level access for a delegate user or the API Update a user's access level operation. Child account administrators can configure default roles to be assigned to new delegate users through UI or through the API.

Manage delegate users

Manage level access for a delegate user

The child account administrator may configure the role assignment for every user on the account, including delegate users. To learn how to do it, see Check and update users’ role assignment.
Note that you can also configure default roles' assignment, if you want every new delegate user to get a specific set of roles.

View and manage default role assignment for delegate users

Instead of setting up roles for each delegate user separately, you can configure default roles that will be assigned to new delegate users just after being delegated to your account.

📘

All changes to the default roles are applied to delegate users who come to your account after the changes have been saved. For delegate users added prior to the configuration or modification of default roles, you need to update their access separately. To learn how, see Check and update users’ role assignment.

To configure default roles:

1. Log in to Cloud Manager.

2. In the main menu, go to Administration > Identity & Access.

3. Go to the Roles tab.

4. In the Default Roles for Delegate Users section, click View Default Roles. If you don’t see this section, it means that your account is not in the parent and child relationship. If you think this is a mistake, contact Support.
   

5. To update the list:

   • To add a new role:

     1. Click Add New Default Roles.
     2. From the dropdown, select a role you want to add. If you know the name of the role, you can enter it. For the full list of available roles, see Available roles.
     3. If the role is an entity access role, select Entities the role should be applied to.
        
     4. To add more roles, click Add another role.
     5. Click Add. The roles you configured are now added to the Default Roles for Delegate Users tab. They will be assigned by default to all new delegate users on your account.

   • To update the list of entities associated with an entity access role:

     1. Find the role of interest and next to it, click … > Update List of Entities.

        

     2. To add an entity, enter its name into the Entities field.

     3. To remove an entity, click x on the entity tag.

     4. Click Update.

   • To change a role for a specific entity:

     1. Go to the Default Entity Access tab.
     2. Find the entity of interest and next to it, click … > Change Role.
        
     3. From the dropdown select a new role for the entity.
     4. Click Save Changes.

   • To remove a role:

     1. In the Default Roles tab, find the role of interest, and next to it, click … > Remove.
     2. Confirm your choice.