Use Akamai MFA

‚ÄčAkamai‚Äč MFA two-factor authentication

Enterprise Application Access (EAA) allows you to use Akamai MFA as a second-factor authentication (2FA) for an ‚ÄčAkamai‚Äč identity provider (IdP). With both Enterprise Application Access and ‚ÄčAkamai‚Äč MFA on the same contract, the users from all of EAA directories may be provisioned into ‚ÄčAkamai‚Äč MFA. This action is executed from the ‚ÄčAkamai‚Äč MFA service.

Integrate ‚ÄčAkamai‚Äč MFA with EAA

Prerequisite:
Enterprise Application Access ( EAA) and ‚ÄčAkamai‚Äč MFA must be available in the same contract.

  1. Generate your integration credentials in Akamai MFA.

  2. Configure Akamai MFA as a 2FA in Enterprise Application Access ‚ÄčAkamai‚Äč identity provider.

a. Log in to Enterprise Center.

b. In the Enterprise Center navigation menu, select Application Access > Identity & Users > Identity providers.

c. Select your identity provider. Check if added the directory with your users to this identity provider.

d. Select Settings > MFA enable IdP MFA policy. It's optional to enable the IdP MFA policy.

e. Select Akamai MFA as one of the MFA Factors.

Note: You can also select Email, TOTP, SMS, or Duo as a second factor along with Akamai MFA.

f. Paste the integration credentials: Integration ID, Signing Key, and API Host.

g. Select Akamai MFA UserID attribute.
It determines the attribute that is sent as the username in ‚ÄčAkamai‚Äč MFA. Choose one of the following:

  • Email

  • SAM account name

  • User Principal Name (UPN)

  • Domain/SAM account name

  • Directory Login Preference

    Note: If you associate multiple directories with this IdP that have different login preferences, then choose Directory Login Preference as the Akamai MFA UserID attribute so that the correct username field is used to register/verify Akamai MFA. Otherwise, you get an error Your MFA configuration has failed, when you log in to access the application.

h. Click Save.

i. Deploy the identity provider.

  1. Assign the identity provider to one or more EAA applications.

    ūüďė

    The identity provider must be assigned to at least one EAA application for ‚ÄčAkamai‚Äč MFA to be used.

  2. Deploy the application.

  3. Log in to the application through a web browser.

  4. Enter your first-factor authentication like username, and password, or select the certificate.
    New users are redirected for Akamai MFA registration.

  5. Install ‚ÄčAkamai‚Äč MFA mobile app on google android or iphone and choose in-line enrollment for your smartphone, phone, iPad or tablet. See Self-enroll in Akamai MFA for more details.
    The user is redirected to the application to access the resource.

If you configured multiple MFA methods, also see Configure end-user's device to receive MFA tokens to learn how end users can receive MFA tokens on their device and configure the primary method.