Jun 21, 2020 — Enterprise Application Access, EAA Client and Device Posture updates

Enterprise Application Access (EAA) new software release.

EAA Client versions

  • EAA Client for Windows/macOS: version
  • EAA Client mobile app for iOS: version 0.99

​Akamai​ EAA features

Certificate validation for origin servers: Administrators can enable or disable certificate validation for specific directories, web Applications, SSH Applications, and RDP Applications. Origin server certificate validation must be enabled for such applications and directories that are used in production environments with HTTPS/LDAPS. For more information, see Certificate-based validation of origin servers.

​Akamai​ EAA end of support

With this release, ​Akamai​ Enterprise Application Access is officially announcing the end of support for Ubuntu 14.04 LTS based connectors. Customers are required to migrate to Ubuntu 18.04 LTS based connectors for continued service.

EAA and EAA Client limitations

  • Browser-based SSH applications in EAA currently supports only RSA and DSA keys for key verification.

  • Origin server certificate validation for HTTPS applications does not support SAN (Subject Alternative Name) of the type - IP address.

  • Origin server certificate used to validate servers mentioned in the load balancing groups of URL path polices will use the certificate specified in the general settings screen.

  • If a user’s password is reset outside of EAA, the user might get a 556 error while accessing NTLM applications during an active session. Refreshing the page will prompt the user to enter the new password and after successful authentication, the user will be granted access to the application.

  • Modifying an IP based tunnel-type client-access application may make it inaccessible from a 1.x EAA Client. The workaround will be to upgrade to the 2.x EAA Client.

  • Silent installation of EAA Client cannot be done on a Windows 7 Enterprise (32 bit). The workaround is to perform a manual installation.

  • If you are using Outlook on a Windows computer, and you switch EAA Client from Wi-Fi to LAN or hotspot and back to Wi-Fi within 30 seconds, Outlook will be stuck in connecting state. The workaround is to quit Outlook and launch again.

  • If you have Oracle Virtualbox installed on Windows 7 computer, EAA Client works intermittently.

  • On-premise detection does not work if the DNS is manually modified on the machine’s network adapter’s interface. As a work-around, log out and log back into the EAA Client.

  • In Windows, on-premise detection uses DNS addresses from all interfaces to resolve hostnames. If there are any disabled interfaces, it triggers false on-premise detection. As a work-around, you should clear the DNS configuration for disabled interfaces.

  • The EAA administrator cannot customize the Enterprise DNS application URL.

  • You cannot attach an IdP to an Enterprise DNS application. It is not possible to have specific DNS servers for the same search domain for users in a particular region served by an identity provider. This can increase the latency for the users.

Device Posture limitations

  • When you use the EAA Client mobile app on mobile devices to log into an ​Akamai​ IdP with a QR code, you may have problems opening the app and may see a loading screen with a spinner. Close the application and re-open. Or, login to the IdP with a mobile browser. Another workaround is to do a second scan of the same QR code, after reopening the app when the first scan fails. Third-party IdPs are not affected.

  • From the Device Posture Dashboard, when you click on the Internet Explorer, the report doesn’t correctly populate. A workaround is to go to the Device Posture > Reports and then select Browser > Internet Explorer from the advanced filters, to see the list of devices.

  • If you refresh the browser while editing ACLs with device risks or device posture settings, the configured values may disappear from the UI only. To recover the view, navigate to any other screen and return.

  • Using the EAA Client mobile app on mobile iOS devices to log into an IdP with a private self-signed certificate is not supported.

  • When you use the EAA Client mobile app on mobile devices to log into an MFA enabled ​Akamai​ IdP, you may need to enter the MFA code twice, once while logging into the mobile browser, and second when re-directed to the EAA Client mobile app login screen.

  • If you login to an application that has Device Posture controls, using EAA Client mobile app, you may be denied access for the first time. Subsequent access using the retry button or accessing any other application should work.

  • If you log into the EAA Client mobile app using Safari, Device Posture might not work. The user might have to log out and then log back into the EAA Client mobile app or log in to EAA Client mobile app with the QR code.

  • Device Posture based ACLs are not supported if an application has a user-facing mechanism set to either certificate only or basic authentication. The access to the application is blocked; the workaround is to remove the device posture ACLs from the application or to change the authentication mechanism to form.

  • On mobile devices, if you switch out of the EAA Client mobile app before completing registration, the application stops working. Return to the EAA Client mobile app and complete registration.

  • On the macOS platform, the OS last update time field incorrectly displays the last time the OS was checked for updates instead of the last time the OS was updated. This does not impact functionality.

  • After a silent install of the EAA Client on Windows, the User Id field may be incorrect. This issue can be corrected by restarting the EAA Client or rebooting the system.