Release notes
TrainingSupportCommunity
Back to All

June 5, 2024 — Enterprise Application Access Updates

7 months ago by mratteha@akamai.com

Enterprise Application Access (EAA) updates.

​Akamai​ EAA new features

AZT Client Download from Login Portal. You can download both the Akamai Zero Trust Client (AZTC) and the standalone EAA Client from the EAA Login Portal. You can configure custom download URLs for either EAA Client, ZT Client, or both for your organization from the IdP Login Portal customization screen. You also have the option to select the preferred client of your choice.

DUO SDK V4 and Universal Prompt. Starting September 30, 2024, DUO will end support for DUO SDK V2 and the Traditional Prompt, and transition to DUO SDK V4 and the Universal Prompt. DUO SDK V2 used an embedded iFrame, whereas DUO SDK V4 redirects users to a page hosted by DUO for completing the MFA Challenge. The EAA Login portal will automatically start using DUO SDK V4 after this release, and end-users will be automatically redirected to a page hosted by DUO to complete the DUO MFA Challenge. To use the Universal Prompt, administrators can manually enable it from the DUO admin console.

SAML Logout for 3rd party SAML identity provider. With this feature, EAA sends a signed SAML Logout request to the third party SAML IdP and the user is logged out of all the sessions from all applications using SAML logout service. In earlier releases, EAA allowed you to configure a Logout URL and EAA would make a get request to the specified URL. It wasn’t persistent across all sessions and not based on SAML logout service. It is supported for Third Party SAML provider type only and not for Okta, PingOne, OneLogin, Google, Microsoft Azure AD types of identity provider in this release.

Fixed customer bugs

  • When you use Akamai MFA with EAA Cloud directory, any Akamai MFA UserID Attribute is automatically changed to Email in this release and it works with EAA seamlessly. In the past, if you set Akamai MFA UserID Attribute to any value other than Email (SAM account name, User Principal Name, Domain/SAM account name, Login Preference), it was incorrectly erroring out as "Your MFA verification failed. If incorrect, please contact administrator." This issue has been fixed.

Known Limitations

  • After you upgrade to DUO v4, you must clear the browser cache to avoid incorrect errors when redirection happens from DUO to EAA.
  • Only English is shown as the language when a registered DUO end-user logs into the EAA IdP login portal, even if you try changing to another language.
  • When you configure the DUO user attribute as Domain Name/SAM account name in the IdP and use it as the Login Preference in the directory associated with the IDP, user will experience an endless loop with MFA authentication failure.
  • When you configure the DUO user attribute as User Principal Name (UPN) in the IdP and use it as the Login Preference in the Email associated with the IDP, DUO MFA authentication fails.