Enroll new users

‚ÄčAkamai MFA‚Äč supports self-enrollment allowing users to set up their accounts and enable their trusted devices in the service.

There are two scenarios to enroll new users:

  • Email enrollment. Lets you invite new users by sending them an email with the enrollment link. Users can then decide when to enroll while the link remains active.

ūüďė

To prevent enrollment emails from being blocked, add the <<MFA_DOMAIN>> domain to your allowed list of senders in your email security solution.

  • In-line enrollment. You can define a new user policy that prompts new users to self-enroll when they try to access a protected application that has been integrated with ‚ÄčAkamai MFA‚Äč.

ūüďė

The in-line enrollment is not supported for the following two integrations: Unix PAM and Windows logon plug-in.

Email enrollment

In this scenario, you email users who already exist in the ‚ÄčAkamai MFA‚Äč service but haven't registered their mobile devices. The email contains the enrollment link and guides users through the process of registering and activating the device.

For SCIM provisioning, follow these steps:

  1. Customize your enrollment email.

  2. In the Enterprise Center navigation menu, select Multi-factor Authentication > Identity & Users > User Provisioning.

  3. On the User Provisioning page, click Add Provisioning (+) and follow on-screen instructions to provision user accounts from your directory service to ‚ÄčAkamai MFA‚Äč.

  4. On the SCIM provisioning configuration page, enable Enroll New Users. With this setting, new users receive an email with the enrollment link that lets them register their authentication device in ‚ÄčAkamai MFA‚Äč after their accounts are imported from your directory service.

  5. Resend bulk emails with the enrollment link to users whose status remains unenrolled to re-invite those users to the service.

ūüďė

To onboard new users imported using SCIM with the enrollment email make sure that users have their email address attribute field populated in a particular directory.

For manual provisioning, follow these steps:

  1. Customize your enrollment email.

  2. Send bulk emails to invite unenrolled users to the service.

  3. Resend bulk emails with a new enrollment link to users whose status remains unenrolled. This lets you re-invite those users to the service.

ūüďė

To onboard new users who were added manually with the enrollment email, add their email addresses to the Settings section of the user profile in ‚ÄčAkamai MFA‚Äč.

In-line enrollment

In this scenario, you require new users to self-enroll in the ‚ÄčAkamai MFA‚Äč service by adding a specific policy.

  1. In the Enterprise Center navigation menu, select Multi-factor Authentication > Policies.

  2. Navigate to your global policy, and click Global to display the policy's details. See Global policy to learn more about its settings.

  3. In New User, make sure that the Enroll option is set as the new user policy.

  4. If necessary, click Save and Deploy.

After you configure the new user policy that enforces secondary authentication in ‚ÄčAkamai MFA‚Äč, the users will be prompted to enroll and activate their mobile device next time they attempt to access a protected application.


Did this page help you?