MCC Security Frequently Asked Questions

Specify a password that:

• Contains at least one of each of the following types of characters:

  • Upper-case lettersExample: ABC

  • Lower-case lettersExample: abc

  • NumbersExample: 1234567890

  • SymbolsExample: !@#

• Contains at least 8 characters but no more than 64 characters.
• Is different from your last 4 passwords.
• Does not contain a backslash (i.e., \).

Yes. Passwords expire every 90 days.

No. A password expiration policy only affects users that log in to the MCC. User accounts that are only used to access CDN Storage should experience uninterrupted access.

Your account is automatically locked for 30 minutes after six consecutive unsuccessful log in attempts. If you are locked out of your account, perform either of the following steps:

• Reset your password.
• Wait 30 minutes.

This information is solely for customers whose accounts have not been upgraded to use Identity. If your customer account uses Identity, then you should manage your multi-factor authentication configuration from within the Identity dashboard.

If you no longer have access to the phone number tied to two-factor authentication, then you will need to contact a MCC administrator to reset your 2FA configuration.

In the future, consider updating your Mobile option before switching phone numbers.
Learn more.

The Web Services REST API token provides the means through which a call to our REST API can be authenticated. The REST API is a service that we provide through which common CDN configuration tasks may be automated.

This token may be used to perform CDN configuration tasks similar to those allowed by your MCC user account. As a result, it should be safeguarded in the same manner as your MCC user name and password. If you feel like your Web Services REST API token has been compromised, you should immediately generate a new token.
Learn more.

The Web Services REST API token assigned to your user account can be found in the Web Service REST API Token section of your profile.

Your MCC administrator determines which users will be granted a Web Services REST API token. The Web Service REST API Token section will only be displayed within profile for authorized users.

Yes. Your Web Services REST API token should be safeguarded in the same manner as your MCC credentials. In the wrong hands, this token may be used to negatively impact site traffic by altering your CDN configuration.

Learn more.

The recommend setup is to leverage the token assigned to a dedicated user with limited permissions. This type of setup is described below.

1. Create a user dedicated to the REST API.
2. Limit the permissions of this user to those required to perform CDN configuration automation.

   Remove all privileges by clearing the user's root level privileges (e.g., HTTP Large, HTTP Small, Storage, etc.). After which, you should mark the desired permission(s) (e.g., Customer Origin). Note how the parent privilege will be automatically marked.
   

   Example:

   If the goal is to automate customer origin administration on the HTTP Large platform, then the dedicated user should only be granted the Customer Origin privilege that resides under the HTTP Large privilege.

3. Mark the Grant API Access Token permission.
4. Save the new user.
5. Log in as the new user and then navigate to that user's profile to view that user's token.

• Content Delivery

  • ADN
  • IPv6
  • Cache Management
  • Rules Engine

• Security

  • CDN Security
  • MCC Security
  • Origin Shield
  • Token-Based Authentication
  • Web Application Firewall (WAF)

• Streaming

  • Dynamic Cloud Packaging
• Raw Logs
• Route (DNS)
• Storage