Microsoft Entra ID External Authentication Methods (EAM) (Limited availability)
With this integration, you can set up Akamai MFA as your Microsoft Entra ID (formerly Azure Active Directory) external authentication method (EAM) to protect Entra ID logons with two-factor authentication.
This integration is currently in limited availability. To learn more, contact your Akamai account representative.
Before you begin
- An active Entra ID P1 or P2 subscription is required.
- Ensure that you have access to an Entra ID administrator account with appropriate privileges.
Add an Entra ID integration
Follow this procedure to generate your integration credentials that you will need to provide in the following steps to enable the communication between Akamai MFA and Entra ID.
- In the Enterprise Center navigation menu, select Multi-factor Authentication > Integrations.
- Click Add integration (+).
- In Integration Type, select Microsoft Entra ID.
- In Name, enter a unique name for your Entra ID integration.
- Click Save and Deploy.
You’ve just generated your Name, Client ID, Discovery Endpoint, and App ID. This data will be available for you on the integration page. Your integration credentials can be copied anytime and used in the following steps to configure the integration in the Entra admin portal. Additionally, you can find the following information on the integration page:- Azure environment. Your Azure cloud instance. The global Azure cloud (
azure_cloud
) is the only cloud instance supported in the LA version of the integration. - Username source. Specifies which authentication ID token field to use as the MFA username.
preferred_username
is the only authentication ID token field supported in the LA version of the integration.
- Azure environment. Your Azure cloud instance. The global Azure cloud (
Configure Entra ID
Follow these steps to add Akamai MFA as your external authentication method in Entra ID.
For the latest instructions on how to configure an external authentication method in Entra ID, refer to the Microsoft Entra ID help page.
- Log in as administrator to your account in the Microsoft Entra admin center.
- Go to Protection > Authentication Methods > Policies.
- Click + Add external method (Preview).
- On the Add external method page, enter a Name for your Akamai MFA authentication method. Note that your users see this name when selecting an authentication method they want to use. The recommended name is Akamai MFA.
- Go to your Entra ID integration page in Enterprise Center, copy the integration credentials (Client ID, Discovery Endpoint, and App ID), and paste them into the respective fields on the Entra ID’s Add external method page.
- Click Request permission to grant admin consent for the Akamai MFA integration.
- Check the Consent on behalf of your organization checkbox.
- Click Accept.
- Toggle Enable to On.
- Click + Add Target to select users or groups that you want to use Akamai MFA as an external authentication method. By default, the policy applies to all users.
- Click Save.
Disable security defaults in Entra ID if you want Akamai MFA to be the only option shown to users. Security defaults adds other authentication options to the login page when enabled.
Limitations
Any user sent to Akamai MFA from Entra ID is required to complete an MFA challenge, even if Akamai MFA policy allows the user to skip this step. Users are also not allowed to skip enrollment. You can configure your Entra ID Conditional Access policy to skip these MFA workflows entirely as needed.
Next steps
Set up your Conditional Access Policy in Entra ID to require multi-factor authentication. To learn more about building Conditional Access Policies, refer to the Microsoft Entra ID documentation.
Updated 4 days ago