Guide

Use Akamai MFA

Suggest Edits

​Akamai​ MFA two-factor authentication

Enterprise Application Access (EAA) allows you to use Akamai MFA as a second-factor authentication (2FA) for an ​Akamai​ identity provider (IdP). With both Enterprise Application Access and ​Akamai​ MFA on the same contract, the users from all of EAA directories may be provisioned into ​Akamai​ MFA. This action is executed from the ​Akamai​ MFA service.

Integrate ​Akamai​ MFA with EAA

Prerequisite:
Enterprise Application Access ( EAA) and ​Akamai​ MFA must be available in the same contract.

  1. Generate your integration credentials in Akamai MFA.

  2. Configure Akamai MFA as a 2FA in Enterprise Application Access ​Akamai​ identity provider.

a. Log in to Enterprise Center.

b. In the Enterprise Center navigation menu, select Application Access > Identity & Users > Identity providers.

c. Select your identity provider. Check if added the directory with your users to this identity provider.

d. Select Settings > MFA enable IDP Login Requires MFA. It's optional to enable this setting.

e. Select Akamai MFA as one of the MFA Factors.

Note: You can also select Email, TOTP, SMS, or Duo as a second factor along with Akamai MFA.

f. Paste the integration credentials: Integration ID, Signing Key, and API Host.

g. Select Akamai MFA UserID attribute.
It determines the attribute that is sent as the username in ​Akamai​ MFA. Choose one of the following:

  • Email

  • SAM account name

  • User Principal Name (UPN)

  • Domain/SAM account name

  • Login Preference

    Note: If you associate multiple directories with this IdP that have different login preferences, then choose Login Preference as the Akamai MFA UserID attribute so that the correct username field is used to register/verify Akamai MFA. Otherwise, you get an error Your MFA configuration has failed, when you log in to access the application.

h. Set MFA Verification Trust Duration. The user is prompted for MFA verification the very first time they use the browser. Then, within the trust duration period, the user is exempt from MFA challenge if they use the same browser. The default is 365 days.

i. Click Save.

j. Deploy the identity provider.

  1. Assign the identity provider to one or more EAA applications.

    📘

    The identity provider must be assigned to at least one EAA application for ​Akamai​ MFA to be used.

  2. Deploy the application.

  3. Log in to the application through a web browser.

  4. Enter your first-factor authentication like username, and password, or select the certificate.
    New users are redirected for Akamai MFA registration.

  5. Install ​Akamai​ MFA mobile app on google android or iphone and choose in-line enrollment for your smartphone, phone, iPad or tablet. See Self-enroll in Akamai MFA for more details.
    The user is redirected to the application to access the resource.

If you configured multiple MFA methods, also see Configure end-user's device to receive MFA tokens to learn how end users can receive MFA tokens on their device and configure the primary method.

Updated about 1 year ago