Illumio Managed Services PortalProcedures

This section includes the procedures for setting up and using the Illumio Managed Services Portal.

For a recommended workflow of tasks, see Typical Workflow.

For detailed information about using Illumio Core, Illumio Xpress, and Illumio Edge, see the following documentation:

Illumio Product Product Documentation
Illumio Core
Illumio Xpress
Illumio Edge

Add a Managed Tenant

NOTE:

You must be a Global Organization Owner to add a customer tenant. For details, see Manage RBAC for Your Illumio Managed Services Portal.

When you add a tenant:

  • An Illumio organization is created automatically for your customer.
  • An audit event is generated automatically. You can view these events from your Illumio organization in Troubleshoot > Events. The user ID of the logged-in MSSP user appears on the Events page in the Generated By field.
  1. Log in to your Managed Services Portal organization.

  2. On the My Managed Tenants page, click Add, and then select the type of tenant you want to add:

    • Core Tenant
    • Express Tenant
    • Edge Tenant

  3. Enter details:

    • Name: Enter a descriptive name for the new tenant.
    • Customer Domain: Enter a globally unique name in the form of a domain (example.com).
    • Company URL: Enter the customer's company website URL.
    • Country
    • Address lines 1 & 2
    • City
    • State
    • Zip Code
  4. Click Save.

Remove a Managed Tenant

NOTE:

You must be a Global Organization Owner to add a customer tenant. For details, see Manage RBAC for Your Illumio Managed Services Portal.

When you remove a tenant:

  • The tenant is deleted and can't be restored. (The ability to restore a deleted tenant is planned for a future release.)
  • The active VEN count for the tenant is reduced to zero.
  • An audit event is generated automatically. You can view these events from your Illumio organization in Troubleshoot > Events. The user ID of the logged-in MS/MSSP user appears on the Events page in the Generated By field.

To remove a tenant:

  1. Log in to your Managed Services Portal organization.
  2. Select the tenant you want to remove.
  3. Click Remove.

Access Your Managed Tenants

NOTE:

You must be a Global Organization Owner to add a customer tenant. For details, see Manage RBAC for Your Illumio Managed Services Portal.

  1. Log in to your Managed Services Portal organization.

    The Managed Services Portal Home screen lists up to 500 of the tenants you're currently managing.

  2. In the list, find the tenant that you want to access, and then click Manage Tenant for that tenant.

    You're redirected to the customer's tenant in the Illumio product where it resides (Core, Xpress, Edge).

  3. To return to your Managed Services Portal organization, click the upper right-hand corner of the console, click your username, and then select My Managed Tenants from the drop-down menu.

For Illumio product details, see the links in the following table:

Illumio Product Product Documentation
Illumio Core
Illumio Xpress
Illumio Edge

Customize the Managed Tenants List

You can change the appearance of the managed tenants list in several ways:

Refresh the list

Click to update the number of VENs in the list.

Re-order the list

To reorder the Managed Tenants list according to the contents of a given column, click the appropriate column heading. For example, if you want to order the list by Illumio product, click the Product column heading.

Add or remove columns; reset to default sorting

By default, all columns appear in the list, sorted by tenant name.

  • To add or remove columns from the Managed Tenants list, click Customize Columns and select the columns you want to appear.
  • To reset the entire list page to the default order by Name, click Reset.

View user activity

You can view a list of user activity through the Access menu.

  1. Log in to your Managed Services Portal organization.
  2. Select Access and then select User Activity. Session details for each user appear.
  3. Click a user to view the role assigned to that user. The User Activity page also displays users who were removed and are offline.

Manage Your Profile

Your Managed Services Portal profile is created automatically when Illumio creates your Managed Services Portal organization.

You can edit the following fields in your profile:

  • Name
  • Time Zone
  • Color Mode
  • Password

The following fields cannot be edited:

  • Email address/Username
  • My Organization name
  • My Organization ID

To edit your profile:

  1. Log in to your Managed Services Portal organization.

  2. In the upper right-hand corner of the console, click your username, and then select My Profile from the drop-down menu.

  3. Make your edits.
  4. Click Save.

Manage RBAC for Your Illumio Managed Services Portal

This section briefly describes how to configure and manage role-based access (RBAC) for the users in your Managed Services Portal organization.

Types of Roles

  • Global Organization Owner:
    • Manage all aspects of the Managed Services Portal organization, including management of the users they invite to their MSP/MSSP organization (Access Management page)
    • View and manage existing tenants including create policy for tenants
    • Manage the Managed Services Portal subscription

  • Global Administrator: This role has limited capabilities in the Managed Services Portal. However, in the managed PCE tenants themselves, Global Administrators have the same capabilities as Global Organization Owners.

    NOTE:

    Given the mix of capabilities across separate environments (Managed Services Portal vs. managed PCEs), note that the role of Global Administrator differs from the role of the same name in the PCE.

    • Capabilities within managed PCE tenants

      • View and manage PCE tenants just like a Global Organization Owner

    • Capabilities within the Managed Services Portal

      • View the Events page for the Managed Services Portal
      • View the product version of the Managed Services Portal
      • View their profile and edit some areas of it
      • Access Support for the Managed Services Portal

    • Limitations within the Managed Services Portal

      • Cannot create, delete, or update a managed PCE tenant in the Managed Services Portal
      • Cannot create, update, or delete Managed Services Portal users (the Access Management option does not appear for Global Administrators.)
      • Cannot manage the Managed Services Portal subscription
  • Global Viewer: Currently, users with this role can:
    • View almost everything within managed PCE tenants
    • View and modify their profile the Managed Services Portal
    • View, add, modify, and delete My API Keys
  • Global Policy Object Provisioner:  Currently, users with this role can:
    • View almost everything within managed PCE tenants
    • Provision Services, IP Lists, Label Groups, and Security Settings
    • View and modify their profile the Managed Services Portal
    • View, add, modify, and delete My API Keys

View or change the Global Role for a user or group

NOTE:

You must be a Global Organization Owner to view or change the role for a user or a group.

You specify a Global Role when you add users to your Illumio Managed Services Portal organization as either a Local User or an External User.

View

  1. Select Access.
  2. Click Global Roles.
  3. Click the desired tab.
  4. Click the group or user whose Global Role you want to view.

Change

NOTE:

The role descriptions that appear in the Access Wizard - Select Roles dialog box may be inaccurate. Refer to the role descriptions above.

  1. Select Access.
  2. Click a user type (Local or External).
  3. Click the pencil icon.
  4. In the Access Wizard, select a role.
  5. Click Grant Access.