top of page
Search

Account, Entity and IAM User

Updated: Feb 10


On Bumblebee platform, administrators are organized in the hierarchy shown blow.



There are three general concepts: Account, Entity and IAM user. The main purpose is to provide access privileges and flexibility in managing multiple customers.


Account

There is one root account created when a customer creates an account on the platform. This account can create IAM user at this level.


Entity

Entity is an abstract created by Account. An entity may create an IAM user under the entity. A device can be assigned to an entity and become visible only the entity IAM user or the root account IAM user, but not by other entity's IAM users.


To create an Entity, follow the steps below:


  1. Login to the Bumblebee portal

  2. On the left navigation menu, click Entities

  3. Click Add Entity


IAM User

An IAM user may have read and write privilege or read only privilege.

An IAM user associated with the Account have visibility to all entities and devices. An IAM user associated with an Entity only has visibility to the devices associated with the entity.


To create an IAM User, follow the steps below:


  1. Login to the Bumblebee portal

  2. On the left navigation menu, click IAM

  3. Click Add IAM User


Assign IAM User to Entity

As seen in the above diagram, an IAM user created with a scope of Entity can manage resources such as CPE devices in that scope. On the other hand, an IAM user with a scope of the root account can all resources except billing.


To assign an IAM user to an Entity, follow the steps below:


  1. Login to the Bumblebee portal

  2. On the left navigation menu, click IAM

  3. Select one IAM user, click Actions

  4. Click Assign Entity

  5. In the drop down menu, select one Entity


  6. The assigned Entity can be changed for an IAM user by going through the above steps again.


Assign CPE Device to Entity

CPE devices are managed by root account and its IAM users. A CPE device can also be assigned to an Entity so that IAM users under the Entity can only manage the set of devices under Entity.


To assign a CPE device to Entity, follow the steps below:


  1. Login to the Bumblebee portal

  2. On the left navigation menu under Intelligent Edge, click

  3. Select a device, click Actions

  4. Click Assign Entity


Example Use case

Bumblebee platform allows IAM users with different scopes to login to the portal and be the administrator for the that scope. This is accomplished by using entities.


In this example, an ISP provider wishes to allow their customers to access the Bumblebee portal for self-service and also receive alert messages. They can accomplish this by creating IAM users under Entities.


Imagine an ISP provider Uni-Tech. Uni-Tech manages many enterprises Internet access. Uni-Tech creates an account on Bumblebee platform. For each of their customers, Uni-Tech creates an Entity. For example, an Entity named Enterprise-A. Under this Entity Enterprise-A, Uni-Tech creates a few IAM users for Enterprise-A admins to login to Bumblebee platform to view the health of the devices.


Expanding Entity to 2 levels

There can be 2 levels of entity, as illustrated in the diagram below.


2 level entity diagram
2 level Entity diagram

As shown in the above diagram, IAM users at the account level can create Entities and create IAM users associated with a specific Entity. The IAM users at the Entity level can create a Entities (Child Entity) and IAM users associated with the said Entity.


The use case for using scenario is as follows:

  1. A service provider A provides the Bumblebee service to service provider B which in turns provides services to its business customers X and Y.

  2. In this scenario, service provider A owns an account on Bumblebee platform and create Entity-B and IAM users for Entity-B IT personals for service provider B on the platform.

  3. Service provider B then creates Entities named Child-Entity-X and Child-Entity-Y and associated IAM users, each representing a customer of service provider B.

  4. Child-Entity-X IAM users can login and access the Bumblebee platform and view the devices for Entity-X

  5. Child-Entity-Y IAM users can login and access the Bumblebee platform and view the devices for Entity-Y

  6. Entity-B IAM users can login and access the Bumblebee platform and view the devices for both Child-Entity-X and Child-Entity-Y


Note the multi-level Entity can be also created by the account IAM users, providing the flexibility of how multi-tiered privileges can be managed.

Recent Posts

See All

Comments

bottom of page