Partners

The Identity and Access delegation for the parent and child accounts feature allows you to configure which user of your account should have access to which child accounts.

Terminology

Parent account

In the context of your account type, you need to be familiar with the following terms.

Parent account. Your, Akamai partner, account.
Parent account admins. Parent account users with the account_admin role. They manage the parent account, including access levels of other users on the parent account. They don’t have access to child accounts by default. In order to get access to a child account, they need to add themselves to the account delegation.
Non-admin parent account users. Users of the parent account that don't have the account_admin role. Their access level depends on the roles assigned to them by the parent account’s administrator. They don’t have access to child accounts by default. In order to get access to a child account, the parent account admin needs to add them to the account delegation.
Account delegation. A group of parent account users, either admin or non-admin, delegated to manage a specific child account. In order for a parent user to be visible on a child account User list and have access to it, they need to be added to the account delegation.

To learn how to add a user to an account delegation, see View and manage child account delegations or the API operation Update the account delegation for a child account.

Parent and child relationship

In the context of the parent and child relationship, you need to be familiar with the following terms.

Parent account. Your, Akamai partner, account. One parent account may manage many child accounts.
Child account. An account of your end customer.
Child account admins. Users of the child account with the account_admin role. They manage the child account, including access levels for other users on the account; including delegate users from the parent account.
Non-admin child account users. Users of the child account who don’t have the account_admin role.
User type. On child account’s UI, in the Users tab, there are currently two user types available: User and Delegate User.
- User. A native user of a child account.
- Delegate user. A parent account user delegated by a parent account administrator on the parent account to have access to the specific child account. Their access on the child account is configured on the child account by the child account administrator. If the child account administrator provides the delegate user with the account_admin role on the child account, the delegate user can fully manage the account, including its users.

When a parent and child relationship between accounts is created, a delegate user is assigned the initial set of default roles consisting of:

account_oauth_client_admin
account_event_viewer
account_notification_viewer
account_maintenance_viewer
account_vpc_viewer
account_viewer.

However, the access to the child account is defined on the child account by a child account administrator. They may overwrite this setup and configure a different set of roles to be assigned to new delegate users by default.

Manage delegations

View and manage child account delegations

As a parent account administrator, you can delegate a parent account user to have access to a child account or remove a user from the delegation to prohibit them from accessing the account.

The delegate user role assignment on a child account is configured by a child account administrator on the child account.

Before you begin:
In order to add a user to a delegation, they need to be added as users to the parent account. To learn how to do it, see Add a user.

To view and manage the delegations:

Log in to Cloud Manager.
In the main menu, go to Administration > Identity & Access.
Go to the Account Delegations tab. Here you have the list of all your child accounts with the list of users delegated to them. If you don’t see this tab, it means that your account is not in the parent and child relationship. If you think this is a mistake, contact Support.
To update the delegation, click Update Delegation next to the child account you need to modify.
- To add a user:
  1. Enter their username.
  2. Click Save Changes. The user is now added to the account delegation and is added to the Users list on the child account as a Delegate User. Their role assignment on the child account depends on the child account settings.
- To remove a user:
  1. Click x on their user tag.
  2. Click Save Changes. The user is removed from the account delegation and from the Users list on the child account. They can no longer switch to this particular child account.

View user’s delegations

You may need to review whether a specific user is delegated to all the child accounts they should have access to.

To view user’s delegations:

Log in to Cloud Manager.
In the main menu, go to Administration > Identity & Access.
In the Users tab, find the user of interest, and next to them click … > View Account Delegations. Here you have the list of all child accounts on which the user is the delegate user. If you don’t see this option, it means that your account is not in the parent and child relationship. If you think this is a mistake, contact Support.

To update the assignment, see View and manage child account delegations.

Switch accounts

To switch accounts, you need to be part of an account delegation. Your access on a child account, depends on the roles assigned to your corresponding delegate user in the child account.

To switch accounts:

Log in to your parent account in Cloud Manager.
In the top corner, click the name of your account.
Click Switch Account. If you don’t see this button, it means you're not a delegate user and you need to ask the parent account administrator to delegate you to a specific child account or your account is not involved in the parent and child relationship.
Select an account from the list you want to switch to. Note that you can click Switch Back To Your Account to switch back.

Updated about 1 hour ago