# Configure access controls and authentication

<figure><img src="https://542970813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtK7oIwmhUHdEJcaH4Hx8%2Fuploads%2FjnZgYEel6LGrjB2LNmAm%2FEkran%20Resmi%202025-12-30%2016.50.58.png?alt=media&#x26;token=d5a0eeba-d198-4487-9322-92034882ee9a" alt=""><figcaption></figcaption></figure>

<figure><img src="https://542970813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtK7oIwmhUHdEJcaH4Hx8%2Fuploads%2FWlafzdpFcttDy4QRVXgU%2Fimage.png?alt=media&#x26;token=c1062364-3b50-4c25-a1b7-25907705dda7" alt=""><figcaption></figcaption></figure>

Access controls and authentication define how users and systems securely interact with Medianova services.\
This page explains how to:

* Secure your account with two-factor authentication (2FA)
* Generate and manage API credentials
* Control user access through role-based permissions

These mechanisms help protect your account, APIs, and CDN resources from unauthorized access while ensuring operational control across your organization.

From the [**Medianova Control Panel**](https://cloud.medianova.com), you can secure your account with two-factor authentication (2FA), generate API credentials, and manage user access through predefined roles.

## Configure authentication and access settings

{% stepper %}
{% step %}
**Enable two-factor authentication (2FA)**

Open **My Profile → My Account**.

Select the **Account Security** tab.

Enable **Two-Factor Authentication (2FA)**.

2FA adds an additional verification step during login.
{% endstep %}

{% step %}
**Generate API credentials**

From **My Account**, open the **API Tokens** tab.

Click **Generate Token**.

The system generates an **API Key** and **API Secret**.

* Access token validity: **4 hours**
* API key and refresh token validity: **30 days**
  {% endstep %}

{% step %}
**Manage user roles and permissions**

Open **Profile → Organization Management**.

Select your organization.

Assign roles to users based on required access levels.

{% hint style="info" %}
Role-based access control ensures users can access only the resources they need.
{% endhint %}
{% endstep %}
{% endstepper %}

### Available roles

**Super Admin**\
Full administrative access, including user management, CDN Resources, security settings, and billing.

**Operator**\
Technical access to manage CDN Resources and perform operational actions such as purge.

**Billing**\
Access limited to subscription and billing management.

**Viewer**\
Read-only access to CDN Resources and organization information.

### Secured content access

Requests to secured CDN content require a valid, non-expired authentication hash.\
Once the hash expires, the content becomes inaccessible until a new one is generated.

### Summary

Use the Medianova Control Panel to:

* Protect accounts with two-factor authentication
* Generate time-limited API credentials
* Control user access with role-based permissions

These controls are essential for secure and reliable operation of Medianova services.