Tenant access

If you want to limit product access, you can enable tenant administrator access. This feature can be used by Managed Service Providers (MSP) to restrict and separate access of individual customers. A tenant administrator can complete these operations in Enterprise Threat Protector (ETP):
  • Create locations, policies, and custom lists
  • Manage the locations, policies, and custom lists that a super administrator has allowed them to access
  • Assign locations and custom lists that they created or are allowed to manage in a policy. A tenant administrator can assign these locations and custom lists to a policy they are permitted to access.
  • Deploy locations, policies, and custom lists they created or modified.
  • View and analyze DNS event data on the Dashboard, threat, acceptable use policy, and DNS Summary reports based on assigned locations.
  • Schedule a report. Report results are based on the locations that the tenant administrator is allowed to access.
  • Add email addresses for alert and system issues communication emails. A tenant administrator can add email addresses, but they can only select that users receive alert and system issue communication emails. For the data that’s reported in an alert communication, a tenant administrator can associate the locations they are allowed to manage.
A tenant administrator cannot:
  • View the settings associated with locations, policies, and custom lists that they did not create or that they are not allowed to access.
  • View settings on other configuration pages.
  • Access the ETP Client, Error Pages, Custom Responses, Security Connector, Certificates, and Deployment History. A tenant administrator can access the Communication and the Scheduled Reports pages to add email addresses and schedule reports.
  • View HTTP or HTTPS threat events on the Dashboard and event reports.
  • View network traffic and security connector activity.
These conditions also apply:
  • Tenant administrator access to a deleted location, policy, or custom list is automatically removed after a super administrator makes a tenant access change. If the super administrator makes a change before the deletion is deployed, the tenant administrator cannot deploy it. In this case, the tenant administrator must contact an ETP super administrator to deploy the deleted location, policy, or custom list.
  • If the pending change list includes modifications for lists that are both accessible and not accessible to the tenant administrator, the tenant administrator cannot deploy any of these changes. This includes changes associated with lists they are allowed to access. To deploy these changes, the tenant administrator must contact an ETP super administrator.
If your organization is enabled with this feature, a super administrator assigns the role and then grants access to the locations, policies, and custom lists that they want the tenant administrator to manage.
Note: To enable tenant access in your ETP account, contact your Akamai representative.

After you assign specific locations, policies, and custom lists to a tenant administrator, as a super administrator, you can filter data in your view to see what’s visible to a specific tenant administrator. For more information, see Show data available to a tenant administrator.