FAQs
I am currently an Equinix Customer Portal Primary Admin, is there an equivalent role in IAM?
There are several hierarchy administrative roles in IAM:
- IAM Admin – The IAM Admin assigns roles to other users and can self-assign all governance roles.
- Finance Admin – The Finance Admin governs billing accounts and associations.
- Org Admin – The Org Admin manages organization access and resources.
- Project Admin – The Project Admin manages projects and project resources.
- Operator Roles – Operator roles are explicitly assigned to each Equinix product (for example, Network Edge Viewer, Equinix Fabric Viewer, and so on).
- Partner Admin – The Partner Admin is the Organization Admin for Reseller accounts, with complete control over resources within reseller organizations.
In the legacy Equinix permissions model (PDS), the Primary Admin is the primary customer Admin, an all-encompassing role. In Equinix IAM, those permissions are distributed into three main governance roles using the principle of least privilege – the IAM Admin, Org Admin, and Project Admin.
Why does my Company Admin user have limited access to the Identity and Access Management portal's features?
This occurs when the Company Admin account in question has been created in the legacy PDS system after your customer resource hierarchy was migrated to Identity and Access Management.
What is the Principle of Least Privilege (PoLP)?
PoLP is an information security concept where a user has the minimum levels of access – or permissions – needed to perform their job functions. This extends beyond user access as it creates automatic resource controls within a system hierarchy.
How can I assign a user to my organization or project?
Only IAM roles, not users, can be assigned to organizations and project. Each user must be active and have a role assignment before they can work within IAM.
See Invite New Users and Roles.
Are user support options available for IAM?
Yes. The best place to start is on the IAM Support page. Support options exist for both Equinix Fabric and Network Edge users.
Can I create my own Custom IAM roles for my organizations?
Yes. IAM has both fundamental user roles and custom roles of your own design that can be reused and cloned. See Custom Roles.
Is there a tour of the Identity and Access Management portal?
Yes. The first time you log in to the Identity and Access Management portal after your migration, an Appcues user interface tour plays in the portal.
What is the default project? Can I edit the name of the default project?
A default project is created when your organization is onboarded to Identity and Access Management. All the digital assets will be moved under the default project. Initially when the organization is migrated the default project will be named Project – XYZ where XYZ is a number. The name of the default project is editable.
Why is the ECP Mobile login not accepting my PDS credentials?
As of Sep 2023, to log into ECP Mobile, you can now use the same credentials as the desktop. Previously, you would have to use separate credentials. Now they have been unified. The old PDS credentials will no longer work for logging into mobile ECP.
What is an IAM Admin role?
An IAM admin manages users, creates custom roles and assigns roles (both system and custom) to principals (users) in the resource hierarchy. An IAM admin also has the authority to invite other users to the organization.
What is Inheritance? How do roles get inherited?
Users assigned a role to an organization automatically inherit access to organizations and projects nested under the given organization node. This applies to existing organizations and projects as well as future organizations and projects created under this organization. Changes in role assignments on a specific hierarchy level are also reflected in the underlying organizations and projects. In other words, if a role assignment is done at a specific resource, the users will get the same role in the child resources as well.
If the users in my organization do not have permission to order digital products, how do the users get those permissions?
The IAM Admin of the organization needs to authorize the users by assigning the product ordering roles to the users in the Organization. Refer to the Roles and Permissions Reference for the product specific roles.
How does a new user get added to the Organization in the IAM ?
An IAM admin is the only authorized person to add new users to the organization. The users can be added through the “Add user” flow in the IAM console. See Invite New Users.
What is Asset Level Permission?
Asset (or Instance) level permission allows users to assign permissions to the specific instance of a product (such as Fabric Port). IAM Admins can assign roles on the specific instance of a product. These permissions exist today only for Fabric port. There are only 2 roles available today for the Instance level permissions : Fabric Port Manager and Fabric Port Viewer. Refer to Asset Level permissions for more details.
How do I assign roles to the users in my organization?
IAM admin is the authorized person to assign roles to the users in your organization. IAM admin can assign roles by navigating to the user's page, selecting the user and clicking on grant access. See Grant Access to Organizations or Projects.
What will happen to the users' permissions after the migration of organization to IAM?
Users will not lose any permissions after migration to the IAM platform. Users will have all the permissions what they had in the original system, and they can continue to perform the tasks what they were initially performing. However, these permissions will be bound under roles in the new platform and users will have the roles assigned to them.
What changes will I see when my organization is onboarded to the IAM platform?
After migrating the organization to the new IAM platform, IAM admin will see the “Identity and Access Management” and “Resource Management” menu items on the left navigation.
IAM admin can navigate to the Resource Management page, and they will see the organization, billing accounts of that organization and a default Project under that organization. All the digital assets of the users will be in that default project. Default project will be named as project-XYZ where XYZ is a number.
IAM admin can navigate to the “Identity and Access Management” and they can see their users in that page . The “users” tab will display the list of users assigned a role in a given context and the “roles” page will display the roles available and the number of users who have been assigned those roles.
What if I order the digital assets offline?
All the digital assets ordered offline will be shown under the default project of your organization. Upon navigating to the Resource Management page, you will see the default project labelled as Project-XYZ where XYZ is a number, and the digital assets will be under this project.
Can I assign the IAM Admin roles to any node in the hierarchy?
Yes, IAM Admin role can be assigned at any node in the Resource hierarchy. However, with the concept of inheritance that user will be the IAM admin for all the organizations and projects nested under that node.
Do Resellers and End customers have any roles specifically designated for them?
Reseller Specific Roles: Partner Admin, Partner Viewer, Fabric Partner Resource Manager
End Customer specific Roles: End Customer Admin, End Customer Viewer, End Customer Fabric Manager, End Customer Fabric viewer.
End customer specific roles can also be assigned to the users of the Reseller Org to manage their end customers, but reseller specific roles are restricted from the assignment to the end customer users.
To learn more about these roles, see Roles and Permissions Reference.