You may create properties within a private space or an organization.
Private: Access to properties created within a private space is restricted to your user account. You should only use this space for properties that do not require collaboration.
If you have not created an organization yet, then the Edgecast Console will only display your private space.
Organization: Edgecast allows you to collaborate with other team members through an organization. An organization provides a hub for all property-related tasks, such as managing a property’s configuration, deploying code, and reviewing analytics.
A breakdown of organization and private spaces is illustrated below.
From the Edgecast Console, click on the icon next to your name and then click on Create an Organization.
In the Organization Name option, assign a name to your organization (e.g., my-company) and then click Create an Organization.
As shown above, the URL for your organization’s Web Properties page is formed by appending your organization’s name to the Edgecast Console’s base URL. Additionally, an organization’s edge link starts with the organization’s name (e.g., https://my-company-nature-videos-production.edgio.link/).
Upon creating a user, you must assign a role that will be applied at the organization level. By default, this role is applied across all of the organization’s properties and environments. However, you may customize a member’s access by granting one of the following roles to a specific property or environment: Viewer, Purger, Editor, or Maintainer.
Role
Description
None
This role, which is only available at the organization level, does not grant any permissions to the organization. As a result, a member that has been granted this role will not inherit permissions to properties or environments by default. This allows you to restrict a member’s access to properties or environments to which you have explicitly granted permissions.
Viewer
This role grants read-only access.
If applied at the organization level, then the user will have read-only access to the organization’s settings, properties, and environments.
Purger
This role grants the Viewer role along with the ability to purge content.
If applied at the organization level, then the user may purge content for any of the organization’s properties.
Security Auditor
This role grants the Viewer role along with the ability to view all security-related features.
Security Manager
This role grants the Viewer role along with the ability to manage all security settings.
Editor
This role grants the capability to configure properties and to configure, deploy, and purge environments. However, this role does not grant the ability to configure, deploy, or purge an environment that has been restricted to the Maintainer role.
Maintainer
This role grants the Editor role along with the ability to create and delete properties and environments.
Admin
This role grants full access to the entire organization including the ability to manage members and API clients.
Edgecast offers single sign-on (SSO) integration for SAML 2.0 identity providers. This type of integration allows Edgecast to delegate authentication to your identity provider. We support the following workflows:
Edgio-Initiated Workflow: This common SSO workflow requires users to browse to the Edgecast Console. After which, Edgecast will authenticate the user’s identity with your identity provider. A high-level overview of this workflow is illustrated below.
Identity Provider-Initiated Workflow: This SSO workflow requires users to load the Edgecast Console through your identity provider. A high-level overview of this workflow is illustrated below.
Establishing a SSO workflow requires a custom integration between our identity service and your identity provider.
To request SSO integration with a SAML 2.0 identity provider
Contact your account manager or our sales department at 1 (866) 200 - 5463 to get started. Be prepared to provide the following information:
SAML Request Signing Certificate: An X.509 certificate in PEM format. Edgecast uses this certificate to sign the SAML request sent to your identity provider.
Login URL: Edgecast redirects users to this URL to perform an authentication challenge.
Logout URL: Edgecast requests a single or global logout through this URL.
RelayState: Edgecast redirects users to this URL upon authentication. This URL should be:
https://api.edgio.app/initiate-sso
SAML 2.0 metadata in XML format.
Add the desired users to the Edgecast Console. Make sure that the email addresses defined within the Edgecast Console match those defined within your identity provider.
From within your identity provider, use the following information to configure Edgecast as a service provider:
Entity ID:https://id.edgio.app
Assertion URL:https://id.edgio.app/saml/assert
Login URL:https://id.edgio.app/saml/login
Logout URL:https://id.edgio.app/saml/logout
Digest:sha256 | sha512
Signature:sha256 | sha512
Sign Request:TRUE | FALSE
Sign Response:TRUE | FALSE
Encrypt Assertion:TRUE | FALSE
Set up a SAML assertion subject for each email address that should have SSO access to the Edgecast Console.
Set the Subject NameID value to the email address format. The vendor-specific attibute for the email address claim is typically either email or emailaddress. Choose the correct attribute for the NameID format.
Optional. Set up custom attribute statements for the user’s name. Use the following schema namespaces:
Maintain SSO operability by renewing your SAML request signing certificate prior to expiration. Certificate renewal requires providing a new SAML request signing certificate in PEM format to either your account manager or technical customer support.
As shown above, the URL for your organization’s Web Properties page is formed by appending your organization’s name to the Edgecast Console’s base URL. Additionally, an organization’s edge link starts with the organization’s name (e.g.,
