Guide
TrainingSupportCommunity

EAA identity provider

Suggest Edits

Enterprise Application Access EAA) is a cloud-based service that delivers and protects enterprise applications running behind a firewall or in a public cloud. To learn more, see [EAA] (https://techdocs.akamai.com/eaa/docs/welcome-guide).

You can integrate ​Akamai MFA​ with one or more ​Akamai​ identity providers (IdPs) to provide users with the full MFA capabilities of ​Akamai MFA​.

See this diagram that presents a conceptual model of the authentication process. For clarity reasons, some traffic flows are not covered.

📘

This authentication process refers to users who are enrolled in ​Akamai MFA​.

  1. The user attempts to access a protected enterprise application.

  2. The user is prompted to log in using their credentials.

  3. Upon successful authentication, EAA IdP redirects the user to ​Akamai MFA​.

  4. ​Akamai MFA​ challenges the user with secondary authentication.

  5. The user confirms their identity using the selected secondary authentication method.

  6. ​Akamai MFA​ redirects the user to the EAA IdP.

  7. EAA IdP redirects the user to the application server.

  8. The user gains access to the application.

ag-eaa-diagram

Prerequisites

  • You must be using the EAA ​Akamai​ identity provider and have both Enterprise Application Access and ​Akamai MFA​ on the same contract. With this setting, the users in all EAA directories may be provisioned into ​Akamai MFA​.

  • In EAA, perform the following tasks:

    • Associate at least one directory containing user accounts with your ​Akamai​ identity provider.

    • Assign your EAA ​Akamai​ identity provider to at least one application.

Add EAA integration

Follow this procedure to generate your integration credentials in ​Akamai MFA​.

  1. In the Enterprise Center navigation menu, select Multi-factor Authentication > Integrations.

  2. Click Add Integration (+).

  3. In Integration Type, select EAA.

  4. In Name, enter a unique name for your EAA integration.

  5. Click Save and Deploy.
    You've just generated your API Host, Integration ID, and Signing Key. This data will be available for you on the integration page. Your integration credentials can be copied anytime and used to configure the EAA IdP integration in Enterprise Center.

📘

Your Signing Key should be kept completely secret like any other password or secret key credential.

Follow these instructions to add ​Akamai MFA​ as your secondary authenticator on top of your EAA ​Akamai​ IdP.

Configure two-factor authentication in Enterprise Center

📘

When you're pasting your integration credentials in Enterprise Center, remember to enter your API Host domain with https://prefix.

Updated over 1 year ago