Define policies

With ​Akamai MFA​ policies, you can define and flexibly apply the following levels of access controls:

  • Global policy. Impacts the entire organization.

  • Custom policies. Let you configure more granular rules that you can apply to one or multiple resources—for example, a selected group or a set of integrations. These specific rules override the global policy settings.

Defining your policies includes these steps:

  1. Design your policies. Identify your protected resources and users who can access them. Determine conditions corresponding to users and devices. At this stage, you should also plan which authentication methods you’re going to make available for different groups of users and resources. It’s a good idea to enable users to use more than one secondary factor to authenticate and provide them with a backup authentication method. With this setting, the user can authenticate even if their trusted device is unavailable.

  2. Configure your policies in ​Akamai MFA​. Now it’s time to create your policies. With the ​Akamai MFA​ user-friendly interface, you can easily define custom policies that comply with your organization’s security requirements.

  3. Test your policies. Since it’s easy to assign permissions that may be too narrow or too broad, try to test your policies in a separate lab environment. This lets you identify potential risks and evaluate the impact of your new policies.

  4. Deploy your policies. When deploying your policies, apply a phased approach, which lets you deal with technical challenges in waves.

As an experienced Identity engineer, you can complete these steps in approximately 3-4 days.