Set up Device Posture

Learn about the Device Posture requirements and how to enable Device Posture for the identity provider. This guide assumes that your network is secured and managed in Enterprise Application Access (EAA), and that applications, identity providers, directories, and connectors are already deployed.

Device Posture requirements

  • Administrator access to Enterprise Application Access (EAA) in Akamai Control Center.

  • The Enterprise Application Access - Enterprise edition on your contract.

  • Users must be running the EAA Client in order for device signals to be collected by Enterprise Application Access.

Device ID ('akamai-device-id') updates with EAA Client installation and upgrades

Upon installation, the EAA Client associates each device with a unique identifier called the device ID (also called akamai-device-id). Starting with the 2.1.0 release, the EAA Client uses a new algorithm to generate the device ID for each device. Due to this change, after installing the new EAA Client, each device automatically gets a new device ID.

This change addresses an issue that arises when the EAA Client is used on machines created from a Microsoft Windows image. If the source image is not properly prepared before it is used on multiple machines, certain operating system identifiers used by the EAA Client may be duplicated, and the EAA Client may report duplicate device IDs.

The EAA Client uses these identifiers to generate a unique device ID for each machine. When installed on machines that have not been properly prepared, this may result in duplicate device IDs being reported by multiple machines. EAA Client 2.1.0 or later addresses this issue.

Upgrade of EAA Client to 2.1.0 or later release

The recommended upgrade procedure for the 2.1.0 or later release is to upgrade directly over an existing 2.0.x installation. If the user is running a 1.x version of the EAA Client, they must uninstall it before installing the 2.1.0 or later release.

If the user has an active EAA session at the time of upgrade, they are automatically logged out. After the user logs in again and resumes application access, the device ID is updated and usage may continue as normal.

After the upgrade, if the user is unable to access applications due to Device Posture, they must log out from the IdP in the browser and log in again. This synchronizes the new device ID throughout Enterprise Application Access.

See the EAA Client version to learn about the EAA Client format. You can also check your device ID by opening your EAA Client.
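
As an added example (not Akamai code and not an EAA feature), this Python script audits a device inventory for the two conditions described above: device IDs reported by more than one machine, and the upgrade path each installed client version needs. The CSV layout, column names, function names and sample rows are constructed assumptions, not an EAA export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample inventory. The column names are assumptions made for
# this example; they are not an EAA export format.
SAMPLE_INVENTORY = """hostname,client_version,device_id
lab-01,2.0.3,dev-aaaa
lab-02,2.0.3,dev-aaaa
lab-03,2.1.0,dev-bbbb
hr-07,1.4.2,dev-cccc
hr-08,2.3.1,dev-dddd
"""

FIXED_IN = (2, 1, 0)  # first release with the new device ID algorithm


def parse_version(text):
    """Turn a dotted numeric version such as '2.0.3' into (2, 0, 3)."""
    parts = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def upgrade_action(version_text):
    """Map a client version to the upgrade path described in this guide."""
    version = parse_version(version_text)
    if version >= FIXED_IN:
        return "current"
    if version[0] < 2:
        return "uninstall-then-install"  # 1.x must be uninstalled first
    return "upgrade-in-place"            # 2.0.x upgrades directly


def audit(inventory_csv):
    """Return (duplicates, actions): device IDs shared by several hosts,
    and the upgrade action for each host."""
    hosts_by_id = defaultdict(set)
    actions = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host = row["hostname"].strip()
        hosts_by_id[row["device_id"].strip()].add(host)
        actions[host] = upgrade_action(row["client_version"])
    duplicates = {d: sorted(h) for d, h in hosts_by_id.items() if len(h) > 1}
    return duplicates, actions


if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```

Hosts that share a device ID and are listed as `upgrade-in-place` or `uninstall-then-install` are the ones to upgrade first, since each receives a new device ID after moving to 2.1.0 or later.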

Enable Device Posture on an identity provider

Prerequisites

The identity provider (IdP) you use with Enterprise Application Access (EAA) must have Device Posture and the EAA Client connector enabled.

If you have not already done so, add a new identity provider.

  1. In the EAA Management Portal navigation menu, select Identity > Identity Providers.
    This displays the Identity Providers page.

  2. Click the gear icon in the Identity Provider card you want to modify.
    The General Settings page appears.

  3. Click Advanced Settings.

  4. Select Enable EAA Client and Enable Device Posture.

  5. Click Save and go to Deployment.

  6. When the deployment completes, click Done.

Next steps

If you have not already done so, you need to configure at least one TCP-type or Tunnel-type client-access application in EAA:

  1. Add and configure a TCP-type client-access application or add and configure a tunnel-type client-access application.

  2. Access control rules.

  3. In Device Posture, configure device risk assessments.