Mar 23, 2018 — Enterprise Application Access updates

New features

  • Duo Security integration. From the EAA Management Portal, enable and configure Duo Security two-factor authentication for users who access your applications from the EAA Login Portal. In addition to EAA primary authentication methods, users are challenged by the authentication methods set within your Duo Security account. Enable this capability in Enterprise Application Access on a per-IdP basis. To use this feature in EAA, Akamai Enterprise Application Access must be added as an application in Duo Security’s administration portal.

  • SAML IdP with Microsoft enhanced client or proxy support. Configure Microsoft enhanced client or proxy (ECP) mode for SaaS applications. This feature allows users to use their local Outlook or Mail clients with Microsoft Office 365.

  • Open LDAP custom schema support. When you use the EAA identity provider between your LDAP environment and service provider for SAML and SaaS applications, you can map both the EAA default and custom attributes to the LDAP directory for both groups and users.

  • Native Security Assertion Markup Language (SAML) based IdP. Support for SAML 2.0 based identity management for both on-premise and SaaS applications is available. This capability allows your users to Single Sign On to their Access and SaaS applications from the same login portal.

  • Custom Schemas in OpenLDAP directories. EAA allows you to map custom user, group, and organization units (ous) attributes from your EAA OpenLDAP directory configuration to the native OpenLDAP directory. Also, creation of dynamic attributes as required by your SAML based SaaS applications is supported in this feature.

Bug fixes

  • DSA health-check traffic appeared in the customer facing access logs when it should not have.

  • The EAA Login Portal now supports text changes of the change password text.

  • In the Korean locale users can now see the log in prompt in their browser.

  • Custom Group Members attribute is no longer ignored for LDAP.

  • The base DN for Group Search is now correct for LDAP.

  • Connectors and origin not support Secure and httpOnly flags for Sticky Cookies.

  • The Help Desk email now supports the & character.

  • Assigning applications to an application group (rewrite) no longer causes significant performance issues.

  • Certificate to app mapping is now deleted when the app group changes from custom to Akamai domain.

Known issues

We have planned improvements for the following issues in the EAA Management Portal:

  • Duo Security integration. Akamai Enterprise Application Access must also be added as an application from Duo’s administrator portal to enable this feature.

    • When a change or modification to the Duo UserID attribute option occurs, user access is denied to the application until the one time password (OTP) is reset within EAA.

    • A limitation based on Duo’s current design displays the user multi-factor (MFA) settings in English irrespective of the language chosen in the login portal.

    • Native Security Assertion Markup Language (SAML) based IDP. Outlook/Apple mail client support for Microsoft Office 365 is only available in Windows and MacOS.

  • Application query for specific SAML SaaS application name with having space, or : or # characters, will return no log line. Workaround: running query without application selected will also give result for all SAML SaaS application report.

  • Before entering the EAA SAML settings, the SAML service provider (SP) entity ID, ACS URL, and log out URL must be XML-unescaped.

  • IdP settings sometimes do not persist if the Save and go next button is clicked. To workaround make changes and use the Save and exit button.