Use EAA as a SAML IdP

In Enterprise Application Access (EAA), you can authenticate access to your applications with either a third-party SAML identity provider (IdP) or Enterprise Application Access itself as the SAML IdP. When you configure Akamai as the provider type for an IdP, you grant Enterprise Application Access permission to communicate with the native application directly as the SAML IdP source. In this setup, Enterprise Application Access is the identity provider (IdP). When you add a SAML, or SaaS, application to Enterprise Application Access, the application is the service provider (SP). When an IdP such as Enterprise Application Access and an SP such as a SaaS application both implement SAML, they can seamlessly authenticate accredited users associated with the IdP to use the SP.

For an EAA application to let Enterprise Application Access authenticate users as the IdP, the application needs information about the user. This information is provided as user attributes. Enterprise Application Access can authenticate users of the applications from their credentials in the EAA Cloud Directory or in Active Directory (AD) as it is synced with the Enterprise Center.


Not all applications support SAML.

Here is an outline of the workflow to set Enterprise Application Access as the SAML IdP for an application:

  1. Add a new identity provider.

  2. Configure EAA as an IdP for a custom SaaS application.

  3. Configure SAML for an Access application.

  4. Create user attributes in EAA.

  5. Map user attributes of the directory.