Nov 10, 2021— Enterprise Application Access updates

Enterprise Application Access (EAA) new software release.

EAA Client versions

  • EAA Client for Windows: version 2.6.0
  • EAA Client for macOS: version 2.6.0
  • EAA Client mobile app for iOS: version 2.1.0
  • EAA Client mobile app for Android: version 2.1.0

​Akamai​ EAA new features

  • Okta SCIM Integration. You can provision users and user group memberships from Okta (AD) to EAA Directory using the System for Cross-domain Identity Management (SCIM) 2.0.

  • Enterprise DNS request onboarding improvement. The EAA Client intelligently onboards DNS SRV (Service) and DNS PTR (Pointer) requests. DNS SRV (Service) requests are onboarded when the target (hostname) in a request matches a DNS suffix configured in an EAA DNS Application. DNS PTR (Pointer) requests are onboarded when the IP in the request matches the destination IP specified in an EAA Client Application.

  • New Attributes in Access Logs. Additional attributes have been added to the access logs: Connector IP (clientless access only), Connector ID (clientless access only), Connector Source Port (clientless access only), Device UUID, Access Control that Denied Access, Bytes In and Bytes Out.

  • Health Monitoring APIs. APIs for connector and application health monitoring are available.

  • EAA SDK Deprecation. The EAA SDK is being deprecated and support for the EAA SDK will end July 2022. Customers using the EAA SDK should switch to the EAA Open APIs.

  • Strict validation of SCIM Attribute Mappings. EAA will perform strict validation of attributes that it receives in the SCIM payload. If the SCIM payload has attributes that have not been mapped in the EAA SCIM Directory, then the EAA SCIM service will respond with an error.

EAA Client operating system support

The EAA Client 2.6.0 supports these operating systems: Microsoft Windows 7, current Microsoft supported versions of Windows 10 x86(32-bit) and x64(64-bit), Apple macOS 10.14 (Mojave), 10.15 (Catalina), and 11 (Big Sur). The EAA Client leverages Rosetta translation so a single binary can be used for both Intel-based and Apple M1-based devices.

​Akamai​ EAA end of support/service for EAA Client

  • EAA Client version 2.2.0, 2.3.0, 2.3.1 End of Service / Support - From February 28, 2022, ​Akamai​ will no longer support EAA Client versions 2.2.0. From April 30, 2022, ​Akamai​ will no longer support EAA Client versions 2.3.0 and 2.3.1. These are the last dates to receive any support for these product versions. After these dates, these versions are obsolete and no support will be available.

  • Product Migration. For customers using EAA Client versions prior to 2.4.0, migrating to newer EAA Client versions, will require the older EAA Client to be uninstalled before the newer EAA Client is installed. If you're moving from EAA Client older than version 2.1.0, a new akamai-device-id is generated. EAA activity reports, Clients overview dashboard, Device Posture dashboard may include old akamai-device-id, resulting in inaccurate statistics until the old akamai-device-id is purged after 90 days. For more information, see Device ID (akamai-device-id) updates with EAA Client installation and upgrades.

EAA and EAA Client limitations

  • EAA SCIM directory does not support password mapping. Users with password attributes configured in Okta are not synced to EAA.

  • EAA browser-based RDP application is not compatible with the latest Chrome (version 94.0.4606.71).

  • In EAA, for the Okta SCIM directory, the users displayed include both active and inactive users. Okta doesn’t send delete requests but only deactivates users. This causes a mismatch in the user count between the Okta (SCIM source) and EAA SCIM directory (SCIM target).

  • ​If you edit a certificate profile’s name, the previous name may still display on the Device Details page for up to 30 minutes.

Fixed customer bugs

  • User diagnostics had discrepancies while showing user data for a given time range. This has been fixed.

  • User diagnostics shows data in bytes, kilobytes, megabytes, and gigabytes correctly.

  • The default instance type for the Azure connector is changed to Standard_F4s_v2.

  • EAA connector for Azure supports managed disk option.

  • Duplicate users are not seen when you change organizational unit (OU) in groups.

  • Group membership changes are considered in ACLs (access control list) when used for app access for a SAML identity provider.