
About Identity and Access Management

Equinix employs Role Based Access Control (RBAC) for its services, allowing administrators to define a resource hierarchy and assign permissions that propagate to child resources. With RBAC, users have single credentials and clearly defined access permissions.

Features

  • Identity Management – Manage your access and security settings. Link your accounts and switch between them without having to log in again.

  • Customer Resource Hierarchy – View and manage the structure of organizations, projects and resources.

  • User and Access Management – Add users and grant them access to a given resource. Create custom roles that suit your internal organization setup.

Identity Management

Identity and Access Management is available for users that have been migrated to Identity and Access Management.

Note: Onboarding is carried out in phases. We will notify you by email before we migrate your organization to Identity and Access Management.

To access the Identity and Access Management portal:

  1. Navigate to the Identity & Access Management portal.

  2. Enter your user name and password.

    Note: Your existing Equinix user name and password will continue to work after resource hierarchy migration to Identity and Access Management.

  3. Click Sign In.

Equinix Identity Authentication

Equinix has implemented single sign-on (SSO) using email addresses for platform access. New customers are automatically enabled for email-based authentication, while existing customers can migrate through a self-service process. This system allows for logging into Equinix portals with an email address. Users can also manage multi-factor authentication (MFA), including changing methods, generating recovery codes, or deactivating MFA.

What is the Customer Resource Hierarchy?

Customer Resource Hierarchy is a hierarchical structure that reflects your organization setup. It comprises building blocks that include different types of organizations, projects, and product assets such as Fabric connections or Network Edge virtual devices. Create organizations and projects, and manage billing account assignments to build a resource structure that matches the setup and operations of your organization.

User and Access Management

Access Management lets you:

  • Add users and assign them to Organizations and Projects.
  • Assign Roles to control permissions and access to your Equinix assets and resources.
  • Create custom roles that suit your internal organization's structure.

Roles provide a convenient way to control user access to projects and assets across your organization. A role is a set of permissions that controls who can access which resources. Assign roles to users at a given level of the hierarchy to let them access the organizations, projects, and product assets under that level.

Permissions give roles their functionality through an industry-standard IAM permission structure. Each permission takes the form Service.Resource.Verb, where Service is the IAM service that is called, Resource is the system resource acted upon, and Verb is the action that the permission allows.
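The following is an added example, not Equinix code: a minimal Python model of how a role assigned at one level of the hierarchy propagates to child resources, how a Service.Resource.Verb permission is checked, and how granted-but-unused permissions can be listed for a least-privilege review. The hierarchy nodes, users, role names and permission strings are constructed for illustration, and exact matching with deny-by-default is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Permission:
    service: str
    resource: str
    verb: str

    @classmethod
    def parse(cls, text):
        parts = text.split(".")
        if len(parts) != 3 or not all(parts):
            raise ValueError(f"expected Service.Resource.Verb, got {text!r}")
        return cls(*parts)

# Constructed sample data (not real Equinix names): child -> parent.
PARENT = {"org-root": None, "org-emea": "org-root",
          "proj-network": "org-emea", "proj-billing": "org-emea"}
ROLES = {
    "ConnectionViewer": {"Fabric.Connection.Read"},
    "ConnectionOperator": {"Fabric.Connection.Read", "Fabric.Connection.Update"},
}
ASSIGNMENTS = [  # (user, role, node where the role is assigned)
    ("alice", "ConnectionOperator", "proj-network"),
    ("bob", "ConnectionViewer", "org-emea"),
]

def ancestors(node):
    """Yield the node itself, then each parent up to the root."""
    while node is not None:
        yield node
        node = PARENT[node]

def is_allowed(user, permission, node):
    """True if a role assigned at `node` or any ancestor grants `permission`."""
    wanted = Permission.parse(permission)
    scope = set(ancestors(node))
    for who, role, where in ASSIGNMENTS:
        if who == user and where in scope:
            if wanted in {Permission.parse(p) for p in ROLES[role]}:
                return True
    return False  # assumption: no matching grant means deny

def unused_grants(user, exercised):
    """Least-privilege review: granted permissions the user never exercised."""
    granted = {p for who, role, _ in ASSIGNMENTS if who == user for p in ROLES[role]}
    return granted - set(exercised)
```

In this model a role assigned at `org-emea` reaches both projects beneath it, while a role assigned at `proj-network` reaches neither its sibling project nor its parent organization.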

Best Practices

Follow these recommendations for using Identity and Access Management to ensure the security of your Equinix resources.

Grant least privilege - The Principle of Least Privilege (PoLP) is an information security concept where a user has the minimum levels of access – or permissions – needed to perform their job functions. PoLP extends beyond user access as it creates automatic resource controls within a system hierarchy. Your Primary or IAM Admin must decide what users need to act upon and assign them only the appropriate roles.

Allow roles to manage permissions - Rather than creating custom permissions, allow the built-in roles and permissions to manage access to your projects and assets. This approach requires less overhead, allowing you to focus on administering the overall hierarchy, organizations, and projects.

Note: Custom Roles allow you to select only the permissions that you want for a role of your own design.