EAA identity provider

Enterprise Application Access EAA) is a cloud-based service that delivers and protects enterprise applications running behind a firewall or in a public cloud. To learn more, see EAA.

You can integrate ‚ÄčAkamai MFA‚Äč with one or more ‚ÄčAkamai‚Äč identity providers (IdPs) to provide users with the full MFA capabilities of ‚ÄčAkamai MFA‚Äč.

See this diagram that presents a conceptual model of the authentication process. For clarity reasons, some traffic flows are not covered.

ūüďė

This authentication process refers to users who are enrolled in ‚ÄčAkamai MFA‚Äč.

  1. The user attempts to access a protected enterprise application.

  2. The user is prompted to log in using their credentials.

  3. Upon successful authentication, EAA IdP redirects the user to ‚ÄčAkamai MFA‚Äč.

  4. ‚ÄčAkamai MFA‚Äč challenges the user with secondary authentication.

  5. The user confirms their identity using the selected secondary authentication method.

  6. ‚ÄčAkamai MFA‚Äč redirects the user to the EAA IdP.

  7. EAA IdP redirects the user to the application server.

  8. The user gains access to the application.

ag-eaa-diagramag-eaa-diagram

Prerequisites

  • You must be using the EAA ‚ÄčAkamai‚Äč identity provider and have both Enterprise Application Access and ‚ÄčAkamai MFA‚Äč on the same contract. With this setting, the users in all EAA directories may be provisioned into ‚ÄčAkamai MFA‚Äč.

  • In EAA, perform the following tasks:

    • Associate at least one directory containing user accounts with your ‚ÄčAkamai‚Äč identity provider.

    • Assign your EAA ‚ÄčAkamai‚Äč identity provider to at least one application.

Add EAA integration

Follow this procedure to generate your integration credentials in ‚ÄčAkamai MFA‚Äč.

  1. In the Enterprise Center navigation menu, select Multi-factor Authentication > Integrations.

  2. Click Add Integration (+).

  3. In Integration Type, select EAA.

  4. In Name, enter a unique name for your EAA integration.

  5. Click Save and Deploy.
    You've just generated your API Host, Integration ID, and Signing Key. This data will be available for you on the integration page. Your integration credentials can be copied anytime and used to configure the EAA IdP integration in Enterprise Center or EAA Management Portal.

ūüďė

Your Signing Key should be kept completely secret like any other password or secret key credential.

Follow one of these instructions to add ‚ÄčAkamai MFA‚Äč as your secondary authenticator on top of your EAA ‚ÄčAkamai‚Äč IdP.

Depending on the EAA interface that you are using, you can perform the configuration either in ‚ÄčAkamai‚Äč Enterprise Center or in the EAA Management Portal.

Configure two-factor authentication in Enterprise Center

Configure two-factor authentication in the EAA Management Portal

ūüďė

When you're pasting your integration credentials in the EAA Management Portal or Enterprise Center, remember to enter your API Host domain with https://prefix.


Did this page help you?