Manage user access to applications
Block and unblock users from accessing applications
Enterprise Application Access (EAA) maintains session information, such as the username, time of login, and browser used, along with single sign-on (SSO). These attributes are kept until the session expires or the user logs out. The administrator cannot clear this information until the session timeout expires, even if the contract has expired.
With this feature, the Enterprise Application Access identity administrator with Gmbo UI - IdP Admin permissions (see Role-based access control for EAA administrators) can block users or terminate user sessions, cutting off access to applications associated with an identity provider (IdP) much faster. This is useful when a user has lost their credentials or left the organization, when the user's hardware, such as an MFA token, is lost, or when you want to temporarily block one or more users from an application. After the situation is resolved, access can be granted.
After the administrator blocks users, syncing to the directory happens every five minutes. If the user has any open sessions, they are terminated within a five to ten minute window, depending on the login time.
You can block one user, some users, or all users from an Akamai identity provider (IdP) or from third party identity providers (IdPs) like Okta and Azure.
When you block a user on an identity provider (IdP), the user cannot access the applications associated with it, because they can no longer authenticate with their login credentials using that IdP. However, if the organization has another IdP that provides access to other applications, the same user can still access those applications. Blocking applies per IdP only, not to the entire Akamai cloud directory or LDAP.
If the blocked user is accessing client applications using EAA Client, the user is immediately logged out.
Block and unblock users from applications associated with an identity provider
You can quickly block and unblock users from accessing applications associated with an identity provider.
The administrator can block one user, some users, or all users from an identity provider (IdP) in EAA Management Portal. This blocks the users' access to applications associated with that identity provider. However, users can still access other applications associated with a different identity provider.
- Log in to EAA Management Portal.
- In the EAA Management Portal navigation menu, select Identity > Identity providers.
- Go to the identity provider and click Block users.
- Select the directory the user belongs to.
- To block users:
  - Select the user, or users, in the Username column, and click Actions > Block Users.
    To block all users, double-click the Username title (✓ appears next to all the usernames).
  - Verify each user's details and click Block.
    A blocked user is marked with a red icon.
- When the blocked user logs into the Login Portal, the following message appears:
  Your access has been blocked. If incorrect, please contact your administrator.
- To unblock users:
  - Select the user, or users, in the Username column, and click Actions > Unblock Users.
  - Verify each user's details and click Unblock.
    The red icon marking the blocked user disappears.
Block or unblock users associated with a third party identity provider
You can block or unblock a user from a directory associated with a third party identity provider (IdP) like Okta and Azure after you enable lookup of the user to be blocked in the third party IdP.
Enable block user lookup in the third party IdP
Enable the user lookup option in the third party identity provider. This option allows you to look up the user's name in the third party IdP.
- Log in to EAA Management Portal.
- In the EAA Management Portal navigation menu, select Identity > Identity providers.
- Select the IdP to open it. The IdP type in the IdP card is, for example, Okta, Third party SAML.
- Click Advanced Settings.
- Enable Block User Lookup.
- Click Save and go to Deployment. Deploy the IdP.

Next, you can block or unblock users in a third party identity provider.
Block or unblock users in a third party identity provider
- Log in to EAA Management Portal.
- In the EAA Management Portal navigation menu, select Identity > Identity providers.
- Select the IdP you want to block the user from. The IdP type in the IdP card is, for example, Okta, Third party SAML.
- Click Block Users.
  Block Users opens.
- To block users, follow these steps:
  - Enter the username, first name, and last name of the user you want to block.
    To block more users, click Add user to block list (+), and add the username, first name, and last name of the next user.
  - Click Block.
    The alert message appears (about users blocked from the third party IdP login portal).
- To unblock users, follow these steps:
  - Go to the user, or users, you wish to unblock and click Unblock User (unlocked icon).
  - Verify the user details and click Unblock.
    The user is removed from the block list.