Release notes
Back to All

Apr 29, 2025 — Akamai MFA new authentication factors

24 days ago by kmieciek@akamai.com

New features and enhancements

  • Authentication methods. With the updated Authentication Factors policy, you now have more granular control over WebAuthn-based authentication factors. This update introduces separate factors for Security key, Platform Authenticator, and Passkey. Previously, enabling WebAuthn/FIDO2 security key in your MFA policy allowed users to enroll and authenticate using various WebAuthn methods.
    To give you more precise control over which of these methods are permitted within your policy, you can now enable these new authentication methods in your Authentication Factors policy:

    • Platform authenticator. This authentication factor lets you use your device's built-in authentication methods like Touch ID, Face ID, Windows Hello, and Android biometrics.

    • Passkey. This method lets you authenticate using a public-private key pair stored in a third-party cloud and synchronized across a user’s devices. Passkey support is available through iCloud, Google Cloud, and other passkey-supported cloud providers.

    • Security key. With this authentication factor, you can use WebAuthn/FIDO2 hardware security keys to authenticate.

      📘

      If you’ve activated the Akamai MFA service before April 29th, you’ll see an additional authentication factor called WebAuthn credential. This factor replaces the WebAuthn/FIDO2 security key factor and ensures compatibility for policies created prior to this update. It combines the functionality of the Platform authenticator, Passkey, and Security key factors. Your existing policies configured with the original WebAuthn/FIDO2 security key factor will continue to function exactly as they do today. Users already enrolled with any WebAuthn method under this factor can continue to authenticate using WebAuthn credential.

  • Updated integration names. To better reflect their functionality, these integrations were renamed:

  • Bypass code filtering. With the Include inactive codes switch, you can now choose whether to show only active bypass codes for a user (default setting) or include inactive codes as well.

  • Authentication events page improvements. The authentication events page is now updated to show these new device types:

    • Passkey
    • Platform authenticator
    • WebAuthn credential
    • Remember me

    These device types were renamed:

    • Mobile device is now Akamai MFA authenticator
    • Phone only is now Phone number
    • Email is now Email address

    These authentication factors were renamed:

    • WebAuthn/FIDO2 security key is now WebAuthn
    • FIDO2 phone security key is now Phone security key
    • Magic link (via SMS) is now Magic link

    These authentication factors were added:

    • Phone security key (no extension)
    • Phone security key (extension)
    • Remember me