Enroll new users
Akamai MFA supports self-enrollment allowing users to set up their accounts and enable their trusted devices in the service.
There are two scenarios to enroll new users:
- Email enrollment. Lets you invite new users by sending them an email with the enrollment link. Users can then decide when to enroll while the link remains active.
To prevent enrollment emails from being blocked, add the
<<MFA_DOMAIN>>
domain to your allowed list of senders in your email security solution.
- In-line enrollment. You can define a new user policy that prompts new users to self-enroll when they try to access a protected application that has been integrated with Akamai MFA.
The in-line enrollment is not supported for the following two integrations: Unix PAM and Windows logon plug-in.
Email enrollment
In this scenario, you email users who already exist in the Akamai MFA service but haven't registered their mobile devices. The email contains the enrollment link and guides users through the process of registering and activating the device.
For SCIM provisioning, follow these steps:
-
In the Enterprise Center navigation menu, select Multi-factor Authentication > Identity & Users > User Provisioning.
-
On the User Provisioning page, click Add Provisioning (+) and follow on-screen instructions to provision user accounts from your directory service to Akamai MFA.
-
On the SCIM provisioning configuration page, enable Enroll New Users. With this setting, new users receive an email with the enrollment link that lets them register their authentication device in Akamai MFA after their accounts are imported from your directory service.
-
Resend bulk emails with the enrollment link to users whose status remains unenrolled to re-invite those users to the service.
To onboard new users imported using SCIM with the enrollment email make sure that users have their email address attribute field populated in a particular directory.
For manual provisioning, follow these steps:
-
Send bulk emails to invite unenrolled users to the service.
-
Resend bulk emails with a new enrollment link to users whose status remains unenrolled. This lets you re-invite those users to the service.
To onboard new users who were added manually with the enrollment email, add their email addresses to the Settings section of the user profile in Akamai MFA.
In-line enrollment
In this scenario, you require new users to self-enroll in the Akamai MFA service by adding a specific policy.
-
In the Enterprise Center navigation menu, select Multi-factor Authentication > Policies.
-
Navigate to your global policy, and click Global to display the policy's details. See Global policy to learn more about its settings.
-
In New User, make sure that the Enroll option is set as the new user policy.
-
If necessary, click Save and Deploy.
After you configure the new user policy that enforces secondary authentication in Akamai MFA, the users will be prompted to enroll and activate their mobile device next time they attempt to access a protected application.
Updated over 2 years ago