Transparent Corporate Access to the CenturyLink Cloud

Identity and Access Management solutions help enterprise IT integrate multiple systems with existing authentication services. These capabilities play a crucial role in public cloud services, where IT is keen to avoid “shadow IT” and deliver self-service access to resources without compromising important InfoSec policies.

Simplifying this process for our customers via automation is a top priority – that’s why our Control Portal includes APIs and webhooks. We also support SAML for federation, single sign-on (SSO) and multifactor authentication (MFA).

That’s “identity.” So what about “access”?

Today, we released a new permissions model that implements an expanded role-based access control (RBAC) capability. These new features empower administrators to grant more granular access to specific areas of the CenturyLink Cloud Control Portal to users.

We’re rolling out eight roles (below) with varying degrees of access, each specifically designed to align with job functions seen within many enterprises today.  The upshot is fine-tuned access control, and enabling a “least-privilege” approach to enterprise cloud management.

Cloud Access that Looks Like Your Current Access

These roles reflect the most frequently requested levels of access, mapping to unique personas.  They range from full control (Account Administrators), specialized areas of expertise (Server Administrators, Server Operators, and Network Managers), specific functional jobs (Billing and DNS Managers), all the way to primarily read-only users (Account Viewers and Security Managers). The last –Account Viewer – is a nice boost in ease-of-use for users that just need read-only access.

We’ve also introduced the Server Operator role to enable the management of servers only, without the additional access to other related items like Alerts or Autoscale policies and Blueprints. You may find the majority of your users will fall into this category, as we see the vast majority of Control Portal interactions happening through the servers and groups interface.

One more addition worth highlighting: the Network Manager role.  This can be used to segregate access to network-specific functionality from other areas of the Control Portal since many organizations have separate workers who only manage the network components.

You can find plenty of tips on applying this new set of roles to your organization in our Practical Guide for Using Roles as well as our Roles Migration Guide. We’ve also published a Permissions Matrix and FAQ with all the information you need to get started using roles on CenturyLink Cloud right away. Sign up for an account now and try it out today!