Access and manage EAA from Control Center

In ​Akamai Control Center​ you can manage groups and properties for your ​Akamai​ accounts and monitor, configure, resolve, and plan your products.

Control centerControl center

  • Account selector (1). Select the account or contract.

  • Services menu (2). Select ENTERPRISE SECURITY > Enterprise Center.
    The contents and products under these menus may change based on the selected account or contract.

πŸ“˜

If you do not see the content or product in the menu, make sure the correct account or contract is selected. For further assistance contact your account representative or visit the Control Center help.

Access Enterprise Center from ​Akamai Control Center​

  1. Log in to ​Akamai Control Center​ at <<PORTAL_URL>>.

  2. Go to ☰ > ENTERPRISE SECURITY > Enterprise Center.

Alternatively, you can go to ☰ > ENTERPRISE SECURITY > Enterprise Application Access and click Try Enterprise Center to open the Enterprise Center in a new tab.

🚧

Control Center is not supported on Microsoft Edge browser.

Manage role-based access control

Enable role based access control for Enterprise Application Access (EAA) administrators in Identity and Access Management application in ​Akamai Control Center​. When you have an account with ​Akamai​, for each contract, admin and viewer roles are commonly used for controlling Enterprise Application Access (EAA). Other default roles like editor, publisher are not used in Enterprise Application Access. The admin role has read and write access to the EAA application. The viewer role has read access to the EAA application and cannot make configuration updates. Small organizations normally have one user with admin role, to configure the different components of Enterprise Application Access like connectors, applications, directories, identity providers, and applications, and other users as viewers. Large organizations might have multiple contracts to isolate staging environment and production environment, or for isolation between different geographical locations. They might want to have multiple administrators having different privileges for different contracts. Alternatively, even within one contract, an organization might want to have a unique administrator for each component.

With role-based access control, you get a higher level of control and can fine-tune administration management tasks. It can be seamlessly distributed across multiple administrators by the super administrator of the account with role-based access control in ​Akamai Control Center​. You can also customize the control for different components in Enterprise Application Access to different administrators by choosing the proper permission settings in the Identity and Access Management application in ​Akamai Control Center​.

These portal roles are preconfigured for Enterprise Application Access in the Identity and Access Management application in ​Akamai Control Center​ are:

Preconfigured rolesPermission settingsRead or Write privileges
AdminEAA - AdminEAA administrator with read and write access to connectors, identity providers (IdP), directories, applications, and reports.
ViewerEAA - ReadOnlyEAA administrator with read access to connectors, identity providers, directories, applications, and reports.

The different portal roles that can be configured for Enterprise Application Access in the Identity and Access Management application in ​Akamai Control Center​ are:

Configurable rolesPermission settingsRead or Write privileges
EAA applications administratorEAA - App Admin​Control Center​ administrator with read and write access to EAA applications only, and read access to all EAA resources.
EAA connector administratorEAA - Connector AdminEAA administrator with read and write access to connectors only, and read access to all EAA resources.
EAA identity administratorEAA - IDP AdminEAA administrator with read and write access to EAA IdP and directories only, and read access to all EAA resources.
EAA reports administratorEAA - Report AdminEAA administrator with read and write access to EAA Reports only, and read access to all EAA resources.
EAA custom administratorAny combination of the above settingsEAA administrator gets permissions based on which combinations are selected. For example, if you set both EAA - Connector Admin and EAA - IdP Admin permissions to one administrator, then your administrator have write access to connectors, identity providers, and directories, and read access to all EAA resources.

In ​Akamai Control Center​, with Identity and Access Management application, for each contract, you can create custom roles for EAA administration, and assign users belonging to the account to these roles.

Users with read only access might not be able configure or view some of the EAA Dashboard features.

Create a custom role on ​Akamai Control Center​

The administrator for the account can create EAA app admin, EAA connector admin, EAA identity admin for controlling different Enterprise Application Access resources. It gives certain control for read and write privileges for different Enterprise Application Access components.

  1. Go to ☰ > ACCOUNT ADMIN > Identity & access.

  2. Select Roles.

  3. Click Create role. In Create a new role configure the following:

    1. In Enter Name type a name for the custom role.

    2. In Enter Description type a description for the custom role.

    3. In Summary enter a list of products.

  4. Select All permissions. Based on the type of access required for the role, the administrator can select one or more of the permissions for controlling Enterprise Application Access:

Admin roleWrite and Read access resource typeReady only access resource type
EAA - App Adminβœ“ EAA applicationβœ“ all
EAA - Connector Adminβœ“ EAA connectorβœ“ all
EAA - IdP Adminβœ“ EAA identity provider (IdP) and directoriesβœ“ all
EAA - Report Adminβœ“ EAA Reports (IdP)βœ“ all

Further customization is possible by selecting multiple choices, for example, you can have EAA - App Admin and EAA - Connector Admin set to one administrator, so that your admin has read and write access to application, connector, and read access to identity provider, directory, and EAA reports.

πŸ‘

If you need to control other ​Akamai​ products, you can choose the permissions to access those products.

  1. Click Save.

Add a user to a portal role in ​Akamai Control Center​

You can add any user belonging to the account, to do administration of the different resources like applications, connectors, identity providers (IdP) or directories.

  1. Open the application.

    • In the ​Akamai Control Center​, go to ☰ > ACCOUNT ADMIN > Identity & access.

    • In the classic Luna UI, on the Configure menu, go to Organization and click Manage Users & Groups.

  2. Select Users and API Clients.

  3. In Group select All Groups.
    All the users associated with the account within all groups are shown.

  4. Select the user whose role needs to be modified.

  5. Select Edit roles.
    All of the contracts are in the Group name column. All of the roles of this user for each contract are in the Roles column.

  6. Select the contract for which you want to change the privileges for the user.

  7. In Roles click Edit and enter the new role you created and update the role of the user.

  8. Click Save. The user's role for the contract gets updated.

  9. When the user logs into the Enterprise Center for the appropriate contract, based on the permissions set by the account administrator, they are allowed to access that resource.

Example:
There are three contracts for an account. The user user_a@gmail.com has an admin role for contract_1, unassigned roles for contract_2 and contract_3, initially.

initial_rbac_settinginitial_rbac_setting

If you want to grant read and write access only to the EAA application resource for this user, update a custom role of EAA-App-Admin.

custom_rbac_settingcustom_rbac_setting

With the updated permissions, when the user logs in with valid credentials, they can make configuration updates in Applications. But when they try to access identity provider, directory, or connectors they get the error message: You are not authorized to perform this operation. Please contact your administrator.


Did this page help you?