EAA identity provider

Enterprise Application Access EAA) is a cloud-based service that delivers and protects enterprise applications running behind a firewall or in a public cloud. To learn more, see EAA.

You can integrate ​Akamai MFA​ with one or more ​Akamai​ identity providers (IdPs) to provide users with the full MFA capabilities of ​Akamai MFA​.

See this diagram that presents a conceptual model of the authentication process. For clarity reasons, some traffic flows are not covered.


This authentication process refers to users who are enrolled in ​Akamai MFA​.

  1. The user attempts to access a protected enterprise application.

  2. The user is prompted to log in using their credentials.

  3. Upon successful authentication, EAA IdP redirects the user to ​Akamai MFA​.

  4. ​Akamai MFA​ challenges the user with secondary authentication.

  5. The user confirms their identity using the selected secondary authentication method.

  6. ​Akamai MFA​ redirects the user to the EAA IdP.

  7. EAA IdP redirects the user to the application server.

  8. The user gains access to the application.



  • You must be using the EAA ​Akamai​ identity provider and have both Enterprise Application Access and ​Akamai MFA​ on the same contract. With this setting, the users in all EAA directories may be provisioned into ​Akamai MFA​.

  • In EAA, perform the following tasks:

    • Associate at least one directory containing user accounts with your ​Akamai​ identity provider.

    • Assign your EAA ​Akamai​ identity provider to at least one application.

Add EAA integration

Follow this procedure to generate your integration credentials in ​Akamai MFA​.

  1. In the Enterprise Center navigation menu, select Multi-factor Authentication > Integrations.

  2. Click Add Integration (+).

  3. In Integration Type, select EAA.

  4. In Name, enter a unique name for your EAA integration.

  5. Click Save and Deploy.
    You've just generated your API Host, Integration ID, and Signing Key. This data will be available for you on the integration page. Your integration credentials can be copied anytime and used to configure the EAA IdP integration in Enterprise Center or EAA Management Portal.


Your Signing Key should be kept completely secret like any other password or secret key credential.

Follow one of these instructions to add ​Akamai MFA​ as your secondary authenticator on top of your EAA ​Akamai​ IdP.

Depending on the EAA interface that you are using, you can perform the configuration either in ​Akamai​ Enterprise Center or in the EAA Management Portal.

Configure two-factor authentication in Enterprise Center

Configure two-factor authentication in the EAA Management Portal


When you're pasting your integration credentials in the EAA Management Portal or Enterprise Center, remember to enter your API Host domain with https://prefix.