Subcustomer Enablement

This behavior in your ​Akamai​ Cloud Embed base configuration controls which individual features can be included and set in a subcustomer's policy.

How it works

A policy is a set of rules and behaviors that are applied when an end user requests a specific subcustomer's content. You can use the ACE API to create individual subcustomer policies. They're defined in a PUT body component included with a specific call from the API.

With this behavior enabled you can enable or disable various options to limit the use of specific behaviors in subcustomer policies.


What you set here applies to all subcustomers assigned to this base configuration. For example, if you set an option to Off, any subcustomer assigned to this base configuration won't be able to configure the associated behavior in their policies. If you want the subcustomer to access a behavior, ensure it's set to On.

Features and options

Dynamic Policy

This enables the behavior settings.

  • Set to On. This is typical. It applies if you want to set up individual policies for each subcustomer. You can enable/disable individual behaviors to meet your needs. (If disabled, that specific behavior can't be modified in an individual subcustomer policy.)
  • Set to Off. This is uncommon and only applies to some lesser-used use cases. For example, this can apply to subcustomer level billing, when different delivery configurations are not required, or for domain validation for certificates. Talk to your account representative for more details on these uses cases.

Partner Domain Suffix

Input the appropriate domain suffix. This is typically the same value you've input for use as your property hostname. We use this value internally to support two things:

  • Domains need to be flagged as trustworthy or acceptable for access by the edge servers. Domain information is typically gathered from the origin server information defined in a Property Manager configuration. However, since an origin can be set dynamically via a policy in ACE, we allowlist the suffix you input here, and add it internally to all origin domains for this purpose.
  • ​Akamai​ uses VIP-based slot-matching in secure ACE configurations. As a result, URL purge doesn’t work for vanity domains. So, you need to use this suffix with domain names while making purge requests. For example, to purge the request should go to<partner domain suffix>/somepath.

Optional Subcustomer Enablement Settings: Quick Reference

The remaining settings here can be enabled to customize these settings on a per-subcustomer basis, by generating a policy using the ACE API.

SettingDescriptionAdditional Reference
  • Set to On. An individual subcustomer's policy can include settings to define a custom origin server, with all associated settings. (What's set for a policy's origin overrides what's set for the origin server behavior. If no origin settings are applied in a policy, what's set for the Origin Server behavior is used.)
  • Set to Off. A subcustomer policy cannot include origin server information. This applies if you want to use the origin you've set as the origin server behavior for all of the subcustomers that are associated with this base configuration.
  • Set to On. You can specify caching settings in an individual subcustomer's policy. What you set for a policy caching settings will override what you've set for the Caching behavior here in the base configuration. (If caching settings are not applied in a policy, what's set for the Caching behavior is used.)
  • Set to Off. You can't change caching settings for a subcustomer via a policy. What is set here in the base configuration for the Caching behavior will be used for all subcustomers.

Referrer Allow/BlockSet this to On to allow dynamic setup of allow referrers or deny referrers in the policy for each subcustomer.N/A
IP Allow/Block
  • Set this to On to enable dynamic setup of an IP allowlist or denylist in the policy for each subcustomer.
  • Set to Off to block the inclusion of IP allowlist/denylist in a subcustomer policy.

Geo Allow/BlockSet this to On to enable the inclusion of a geographic regions allowlist (allow specified continents, countries, regions, and designated market areas—DMAs) or denylist (deny specified geographic regions) in the policy for each subcustomer.N/A
Content RefreshIf you set this to On you can set up content revalidation schedules for each subcustomer in the associated policy.N/A
Modify Forward PathWhen set to On, you can dynamically modify the request path to the content server for each subcustomer in the associated policy.N/A
Cache Key Query ArgumentsWhen set to On you can apply various settings in subcustomers' policies to customize which query string arguments can be included in the ​Akamai​ edge server cache entry (cache-key).N/A
Token AuthenticationSet this to On to configure whether or not edge servers can control access to subcustomer content through the use of tokens. (The token can be transmitted in the client request in a cookie, header, or query-parameter.)N/A
Site FailoverSet this to On to allow configuration of a unique failover site in each subcustomers' policy.N/A
Content CompressorSet this to On to configure file compression on a per subcustomer basis, via their unique policy.N/A
Access ControlWhen set to On, you can deny requests to a subcustomer's content based on certain match conditions. You set up these match conditions in the subcustomer's policy.N/A
Dynamic Web ContentWhen set to On, you can apply various settings to subcustomers' policies to support and streamline the delivery of dynamic web content.How to add dynamic web content support for a subcustomer
Streaming Video On-demand DeliverySet this switch to On to allow addition of streaming on-demand video support via a subcustomer policy.How to add streaming video support for a subcustomer
Large File DeliveryWhen set to On you can apply various settings in subcustomers' policies to support and streamline the delivery of large files (up to 1.8 GB in size).How to add large file delivery support for a subcustomer