Access and manage EAA Legacy UI from Control Center

In ​Akamai Control Center​ you can manage groups and properties for your ​Akamai​ accounts and monitor, configure, resolve, and plan your products.


  • Account selector (1). Select the account or contract.

  • Services menu (2). To access EAA Management Portal, select ENTERPRISE SECURITY > Enterprise Application Access.
    The contents and products under these menus may change based on the selected account or contract.

📘

If you do not see the content or product in the menu, make sure the correct account or contract is selected. For further assistance contact your account representative or visit the Control Center help.

Access EAA Management Portal Legacy UI from ​Akamai Control Center​

  1. Log in to ​Akamai Control Center​ at <<PORTAL_URL>>.

  2. Go to ☰ > ENTERPRISE SECURITY > Enterprise Application Access.

  3. Click Legacy UI.


You can access the legacy version of Enterprise Application Access.

You will see a banner message:


We recommend that you migrate to the EAA in Enterprise Center since the legacy UI will be decommissioned soon.

🚧

Control Center is not supported on the Microsoft Edge browser.

Manage role-based access control

Enable role-based access control for Enterprise Application Access (EAA) administrators in the Identity and Access Management application in Akamai Control Center. When you have an account with Akamai, the admin and viewer roles are commonly used in each contract to control Enterprise Application Access (EAA). Other default roles, like editor and publisher, are not used in Enterprise Application Access. The admin role has read and write access to the EAA application. The viewer role has read access to the EAA application and cannot make configuration updates.

Small organizations normally have one user with the admin role, who configures the different components of Enterprise Application Access like connectors, applications, directories, and identity providers, and other users as viewers. Large organizations might have multiple contracts to isolate staging and production environments, or to isolate different geographical locations. They might want multiple administrators with different privileges for different contracts. Alternatively, even within one contract, an organization might want a unique administrator for each component.

With role-based access control, you get a higher level of control and can fine-tune administration management tasks. The super administrator of the account can distribute these tasks across multiple administrators with role-based access control in Akamai Control Center. You can also give different administrators control of different components in Enterprise Application Access by choosing the proper permission settings in the Identity and Access Management application in Akamai Control Center.

These portal roles are preconfigured for Enterprise Application Access in the Identity and Access Management application in Akamai Control Center:

| Preconfigured roles | Permission settings | Read or Write privileges |
|---|---|---|
| Admin | Gmbo UI - Admin | EAA administrator with read and write access to connectors, identity providers (IdP), directories and applications. |
| Viewer | Gmbo UI - ReadOnly | EAA administrator with read access to connectors, identity providers, directories and applications. |

The different portal roles that can be configured for Enterprise Application Access in the Identity and Access Management application in ​Akamai Control Center​ are:

| Configurable roles | Permission settings | Read or Write privileges |
|---|---|---|
| EAA applications administrator | Gmbo UI - App Admin | Control Center administrator with read and write access to EAA applications only, and read access to all EAA resources. |
| EAA connector administrator | Gmbo UI - Connector Admin | EAA administrator with read and write access to connectors only, and read access to all EAA resources. |
| EAA identity administrator | Gmbo UI - IdP Admin | EAA administrator with read and write access to EAA IdP and directories only, and read access to all EAA resources. |
| EAA custom administrator | Any combination of the above settings | EAA administrator gets permissions based on which combinations are selected. For example, if you set both Gmbo UI - Connector Admin and Gmbo UI - IdP Admin permissions to one administrator, then your administrator has write access to connectors, identity providers, and directories, and read access to all EAA resources. |

In Akamai Control Center, with the Identity and Access Management application, you can create custom roles for EAA administration for each contract, and assign users belonging to the account to these roles.

Users with read-only access might not be able to configure or view some of the EAA Dashboard features.

Create a custom role on ​Akamai Control Center​

The administrator for the account can create EAA app admin, EAA connector admin, and EAA identity admin roles for controlling different Enterprise Application Access resources. These roles control read and write privileges for different Enterprise Application Access components.

  1. Go to ☰ > ACCOUNT ADMIN > Identity & access.

  2. Select Roles.

  3. Click Create role. In Create a new role configure the following:

    1. In Enter Name type a name for the custom role.

    2. In Enter Description type a description for the custom role.

    3. In Summary enter a list of products.

  4. Select All permissions. Based on the type of access required for the role, the administrator can select one or more of the permissions for controlling Enterprise Application Access:

| Admin role | Write and Read access resource type | Read-only access resource type |
|---|---|---|
| Gmbo UI - App Admin | ✓ EAA application | ✓ all |
| Gmbo UI - Connector Admin | ✓ EAA connector | ✓ all |
| Gmbo UI - IdP Admin | ✓ EAA identity provider (IdP) | ✓ all |

Further customization is possible by selecting multiple permissions. For example, you can assign both Gmbo UI - App Admin and Gmbo UI - Connector Admin to one administrator, so that your admin has read and write access to applications and connectors, and read access to identity providers and directories.

👍

If you need to control other ​Akamai​ products, you can choose the permissions to access those products.

  5. Click Save.

Add a user to a portal role in ​Akamai Control Center​

You can add any user belonging to the account to administer the different resources like applications, connectors, identity providers (IdP), or directories.

  1. Open the application.

    • In the ​Akamai Control Center​, go to ☰ > ACCOUNT ADMIN > Identity & access.

    • In the classic Luna UI, on the Configure menu, go to Organization and click Manage Users & Groups.

  2. Select Users and API Clients.

  3. In Group select All Groups.
    All the users associated with the account within all groups are shown.

  4. Select the user whose role needs to be modified.

  5. Select Edit roles.
    All of the contracts are in the Group name column. All of the roles of this user for each contract are in the Roles column.

  6. Select the contract for which you want to change the privileges for the user.

  7. In Roles click Edit and enter the new role you created and update the role of the user.

  8. Click Save. The user's role for the contract gets updated.

  9. When the user logs into the EAA Management Portal for the appropriate contract, based on the permissions set by the account administrator, they are allowed to access that resource.

Example:
There are three contracts for an account. Initially, the user user_a@gmail.com has an admin role for contract_1 and unassigned roles for contract_2 and contract_3.


If you want to grant read and write access only to the EAA application resource for this user, update the user's role to the custom role EAA-App-Admin.


With the updated permissions, when the user logs in with valid credentials, they can make configuration updates in Applications. But when they try to access identity provider, directory, or connectors they get the error message: You are not authorized to perform this operation. Please contact your administrator.
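The permission tables and the example above can be modeled to review role assignments for least privilege. The following is an added example, not Akamai code or an Akamai API: the function names, the sample assignments, the user user_b@example.com, and the treatment of an unassigned role as no access are assumptions made for illustration.

```python
from itertools import combinations

RESOURCES = frozenset({"application", "connector", "idp", "directory"})
# Write scope of each permission setting, transcribed from the tables above.
# Every setting also grants read access to all EAA resources.
WRITE_SCOPE = {
    "Gmbo UI - Admin": RESOURCES,
    "Gmbo UI - ReadOnly": frozenset(),
    "Gmbo UI - App Admin": frozenset({"application"}),
    "Gmbo UI - Connector Admin": frozenset({"connector"}),
    "Gmbo UI - IdP Admin": frozenset({"idp", "directory"}),
}
DENIED = "You are not authorized to perform this operation. Please contact your administrator."
# Constructed sample: the page's example user plus a hypothetical second admin.
ASSIGNMENTS = {("user_a@gmail.com", "contract_1"): ["Gmbo UI - App Admin"],
               ("user_b@example.com", "contract_1"): ["Gmbo UI - Admin"]}
NEEDS = {("user_a@gmail.com", "contract_1"): {"application"},
         ("user_b@example.com", "contract_1"): {"connector"}}

def effective_write(permissions):
    """Union of the write scopes of a role's permission settings."""
    unknown = set(permissions) - WRITE_SCOPE.keys()
    if unknown:
        raise ValueError(f"unknown permission setting(s): {sorted(unknown)}")
    return frozenset().union(*(WRITE_SCOPE[p] for p in permissions))

def check(permissions, action, resource):
    """None if allowed, else the error text quoted on this page."""
    if permissions and (action == "read" or resource in effective_write(permissions)):
        return None
    return DENIED  # also returned for an unassigned role (assumption)

def minimal_permissions(required_write):
    """Smallest combination of scoped settings that covers required_write."""
    if not required_write:
        return {"Gmbo UI - ReadOnly"}
    scoped = ["Gmbo UI - App Admin", "Gmbo UI - Connector Admin", "Gmbo UI - IdP Admin"]
    for size in range(1, len(scoped) + 1):
        for combo in combinations(scoped, size):
            if frozenset(required_write) <= effective_write(combo):
                return set(combo)
    raise ValueError(f"no setting grants write access to: {sorted(required_write)}")

def audit(assignments, needs):
    """Yield (user, contract, excess) where a role can write more than needed."""
    for (user, contract), permissions in assignments.items():
        excess = effective_write(permissions) - frozenset(needs.get((user, contract), ()))
        if excess:
            yield user, contract, sorted(excess)
```

Running `audit(ASSIGNMENTS, NEEDS)` flags the hypothetical full admin who only needs connector write access, and `minimal_permissions({"connector"})` names the scoped setting to put in a custom role instead.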

