Role-based access control for EAA administrators

Enable role-based access control for EAA administrators in the Identity and Access Management application in Control Center.

For each contract in your Akamai account, the admin and viewer roles are commonly used to control Enterprise Application Access (EAA). Other default roles, such as editor and publisher, are not used in EAA. The admin role has read and write access to the EAA application. The viewer role has read access to the EAA application and cannot make configuration updates.

Small organizations normally have one user with the admin role, who configures the different components of EAA such as connectors, applications, directories, and identity providers, and other users as viewers. Large organizations might have multiple contracts to isolate the staging environment from the production environment, or to isolate different geographical locations. They might want multiple administrators with different privileges for different contracts. Alternatively, even within one contract, an organization might want a unique administrator for each component.

With role-based access control, you get a higher level of control and can fine-tune administration management tasks. The super administrator of the account can distribute these tasks across multiple administrators in the Control Center. You can also assign control of different EAA components to different administrators by choosing the proper permission settings in the Identity and Access Management application on the Control Center.

These portal roles are preconfigured for EAA in the Identity and Access Management application on the Control Center:

Preconfigured EAA roles and privileges

| Preconfigured roles | Permission settings | Read or Write privileges |
| --- | --- | --- |
| Admin | Gmbo UI - Admin | EAA administrator with read and write access to connectors, identity providers (IdP), directories and applications. |
| Viewer | Gmbo UI - ReadOnly | EAA administrator with read access to connectors, identity providers, directories and applications. |

The different portal roles that can be configured for EAA in the Identity and Access Management application on the Control Center are:

Configurable EAA roles and privileges

| Configurable roles | Permission settings | Read or Write privileges |
| --- | --- | --- |
| EAA applications administrator | Gmbo UI - App Admin | EAA administrator with read and write access to EAA applications only, and read access to all EAA resources. |
| EAA connector administrator | Gmbo UI - Connector Admin | EAA administrator with read and write access to connectors only, and read access to all EAA resources. |
| EAA identity administrator | Gmbo UI - IdP Admin | EAA administrator with read and write access to EAA IdP and directories only, and read access to all EAA resources. |
| EAA custom administrator | Any combination of the above settings | EAA administrator gets permissions based on which combinations are selected. For example, if you assign both the Gmbo UI - Connector Admin and Gmbo UI - IdP Admin permissions to one administrator, that administrator has write access to connectors, identity providers, and directories, and read access to all EAA resources. |

In the Control Center, with the Identity and Access Management application, you can create custom roles for EAA administration for each contract, and assign users belonging to the account to these roles.

Users with read-only access might not be able to configure or view some of the EAA dashboard features.
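The following added example (not Akamai code, and not an EAA or Control Center API) models the permission settings from the two tables above as write scopes, computes the effective write access of a custom role as their union, and audits role assignments for write access beyond each administrator's duties. The user names, contract names, and duty lists are constructed sample data, and the function names are hypothetical.

```python
from itertools import combinations

# Write scope per permission setting, transcribed from the tables on this page
# (dash style normalised). Every setting also grants read access to all EAA resources.
WRITE_SCOPE = {
    "Gmbo UI - Admin": {"connectors", "identity providers", "directories", "applications"},
    "Gmbo UI - ReadOnly": set(),
    "Gmbo UI - App Admin": {"applications"},
    "Gmbo UI - Connector Admin": {"connectors"},
    "Gmbo UI - IdP Admin": {"identity providers", "directories"},
}

def effective_write(settings):
    """Union of the write scopes of the permission settings combined in one role."""
    unknown = set(settings) - set(WRITE_SCOPE)
    if unknown:
        raise ValueError(f"unknown permission setting(s): {sorted(unknown)}")
    return set().union(*(WRITE_SCOPE[s] for s in settings))

def least_privilege(duties):
    """Settings covering `duties` with the fewest extra write grants, or None if impossible."""
    duties, best = set(duties), None
    names = sorted(WRITE_SCOPE)
    for r in range(1, len(names) + 1):
        for combo in combinations(names, r):
            scope = effective_write(combo)
            if duties <= scope:
                key = (len(scope - duties), r)  # fewest extras first, then fewest settings
                if best is None or key < best[0]:
                    best = (key, set(combo))
    return best[1] if best else None

def audit(assignments):
    """Report roles whose write access could be narrowed: (user, contract, excess, suggestion)."""
    findings = []
    for user, contract, settings, duties in assignments:
        excess = effective_write(settings) - set(duties)
        suggestion = least_privilege(duties)
        if suggestion and len(effective_write(suggestion) - set(duties)) < len(excess):
            findings.append((user, contract, sorted(excess), sorted(suggestion)))
    return findings

# Constructed sample assignments: (user, contract, permission settings, components the user must edit)
SAMPLE = [
    ("alice", "production", {"Gmbo UI - Admin"}, {"connectors"}),
    ("bob", "staging", {"Gmbo UI - Connector Admin", "Gmbo UI - IdP Admin"},
     {"connectors", "identity providers", "directories"}),
    ("carol", "production", {"Gmbo UI - IdP Admin"}, {"directories"}),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Only alice is reported. carol's extra write access to identity providers cannot be removed, because Gmbo UI - IdP Admin grants identity providers and directories together.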