The document discusses Akamai's user and API management capabilities. It provides an overview of current and upcoming features, including single sign-on, IP whitelisting, user and group management, API management, and access control models. New features planned for 2017-2018 will improve identity management, simplify credential and client management, and allow for more granular access permissions and settings configurations.

1. © AKAMAI - EDGE 2017
User and API Management
Maroo Lieuw

2. © AKAMAI - EDGE 2017
Getting Started with User and API Management
Agenda
• Overview – Today & Future
• Access and Permissions Model
• Use Cases

3. © AKAMAI - EDGE 2017
Where do I go?

4. © AKAMAI - EDGE 2017
Where do I go?

5. © AKAMAI - EDGE 2017
Capabilities : Manage SSO with SAML
Feature Today November 2017
HOSTNAME *.luna-sp.com control.akamai.com
CERT Expiry 2 years 2 years
Attribute userid configurable
Message Signing SHA-1 SHA-256
Active IDP per Account 1 Unlimited

6. © AKAMAI - EDGE 2017
Capabilities : Manage IP Whitelist
Feature Today November 2017
IP Restrict Login Page Direct Login only Direct + New SSO
IP Restrict API Calls NOT Supported NOT Supported

7. © AKAMAI - EDGE 2017
Capabilities : Manage Users & Groups
Feature Today January 2018
Custom Password Policy Yes, by form Yes, by form
2FA Optional Optional & Mandatory
2FA Remember Me Yes, by default Configurable
Custom Session Timeout Per User, default 30 min Account Max Configurable
Custom Auto-Logout Per User, default 18 hours Account Max Configurable

8. © AKAMAI - EDGE 2017
Capabilities : Manage Users & Groups

9. © AKAMAI - EDGE 2017
Capabilities : Manage Users & Groups
New Wizard
January 2018
Choose to send Welcome Email

10. © AKAMAI - EDGE 2017
Capabiltiies : Manage APIs
Maroo@Lieuw
Feature Today 1H 2018
OPEN API Rotate Credentials Create API Clients
Credential Creation API Owner only By permission
Transfer API Client Same Access
(Exact Role & Groups)
By Permission to Anyone

11. © AKAMAI - EDGE 2017
Capabilities: Contact Management / Super User

12. © AKAMAI - EDGE 2017
What is Identity Management

13. © AKAMAI - EDGE 2017
Identity and Access Management
Treat an API Client as a person

14. © AKAMAI - EDGE 2017
What is the Access Control Model?

15. © AKAMAI - EDGE 2017
What are Groups and Contracts?

16. © AKAMAI - EDGE 2017
Access

17. © AKAMAI - EDGE 2017
Use Case: Developer Access To Edit Configuration
• Property Manager
• The group where you want to property to live,
• CP codes, and
• Edge hostnames.

18. © AKAMAI - EDGE 2017
Use Case: Developer Access To Edit Configuration
• Standard Roles (Admin, Editor, Publisher, Viewer)
• Admin is NOT a Super or Root Admin
Role Description
Admin May manage users and groups; some configuration
and publishing related tasks
Editor May manage configuration and publishing tasks
Publisher May purge content, upload content and video
streams
Viewer View access

19. © AKAMAI - EDGE 2017
Use Case: Developer Access To Edit Configuration
• Clone Editor Role

20. © AKAMAI - EDGE 2017
Use Case: Developer Access To Edit Configuration
• Access Model (Account, Contract)
• Permissions Model (User, Role, Group)

21. © AKAMAI - EDGE 2017
Use Case: Developer Access To Edit Configuration

22. © AKAMAI - EDGE 2017
Use Case: Developer Access To Edit Configuration

23. © AKAMAI - EDGE 2017
Use Case: Developer Access To Edit Configuration
Maroo@Lieuw

24. © AKAMAI - EDGE 2017
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.
API Client Creation:
Default selects your groups
and roles

25. © AKAMAI - EDGE 2017
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.
Explore API Catalog

26. © AKAMAI - EDGE 2017
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.
Filter API Catalog to APIs you
want

27. © AKAMAI - EDGE 2017
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.
API Client may create new credentials for
itself and update token expiry date

28. © AKAMAI - EDGE 2017
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.
Only API Owner may create credentials

29. © AKAMAI - EDGE 2017

30. © AKAMAI - EDGE 2017
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.
Coming Soon in Q1 2018
Unified Tabs
Visible Based On Permissions

31. © AKAMAI - EDGE 2017
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.
Create New
Users
API Clients

32. © AKAMAI - EDGE 2017
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.
Simplify Lifecycle Management
Quickly see User and API Clients
Transfer API Clients to new owners

33. © AKAMAI - EDGE 2017
Upcoming Features
FEATURE DESCRIPTION
Lock / Unlock User Immediately disable/ enable ability to login to Luna but not affect API Clients
Lock / Unlock API Client Immediately disable / enable API Client’s access to APIs
Settings Ability to predefine settings common to all users
Mandatory 2FA Ability to mandate all users use 2FA for authentication
Optional Creation Email Create users with no email notifications being sent
Identity Management API An API to automate User and API lifecycle events