You can connect your Keycloak solution with Akamai MFA, providing the user with two-step authentication. First, the user needs to confirm their identity with your Keycloak instance, for example, using their username and password. Next, the user has to confirm that the login is legitimate using one of the Akamai MFA second factors.
This guide will walk you through the steps to integrate Keycloak with Akamai MFA.
Before you begin
You need a custom bind integration to use Akamai MFA with Keycloak. Reach out to Akamai support to have one set up for you.
Download the Akamai MFA provider for Keycloak and unpack the archive.
Copy the akamai-keycloak-connector-VERSION.jar file to the providers directory of your Keycloak distribution and restart your Keycloak server. To learn more about provider configuration, see the Keycloak documentation.
Open your Keycloak admin console and click Authentication in the left sidebar menu.
In the Flows tab, find the browser built-in flow, click ⋮ and Duplicate the flow.
In the Duplicate flow screen, enter a name and description for your Akamai MFA browser flow and click Duplicate. In this example procedure, we will be using the following name:
MFA Browser Flow.
The flow details screen of the newly duplicated flow opens.
In the list of steps, find MFA Browser Flow forms, click + and Add step.
In Add step to MFA Browser Flow forms, select Akamai MFA and click Add.
Back on the flow details screen, find the MFA Browser Flow - Conditional OTP step and select Disabled from the dropdown menu.
Find the Akamai MFA step, drag it by holding ☷ and drop it below the Username Password Form step.
Expand the dropdown menu in the Akamai MFA step and select Required.
Click the cogwheel button in the Akamai MFA step to configure the integration.
In Akamai MFA config, enter the following:
- Alias. Enter your integration handle, e.g., Akamai MFA.
- Akamai MFA Host. Enter the URL provided by Akamai support.
- Akamai MFA Signing Key. Enter the Signing Key provided by Akamai support.
- Akamai MFA Verifying Key. Enter the Verifying Key provided by Akamai support.
- Akamai MFA App Id. Enter the Integration ID provided by Akamai support.
- Akamai MFA auth expiry (Seconds). Set the auth window in seconds.
- Fail Safe. With this setting enabled, users can still log in, without the second factor, when Akamai MFA isn't reachable.
Click Save.
Back in MFA Browser Flow, navigate to the top right hand corner, expand the Action dropdown menu and click Bind flow.
In Choose binding type, select Browser flow and click Save.
You've just configured a custom integration between your Keycloak server and Akamai MFA. You can now test your settings or continue configuring your Keycloak instance.
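To confirm the result of the procedure above, you can audit a JSON realm export against the steps in this guide. The following is an added example, not code from Akamai or Keycloak; the Akamai provider ID and the Fail Safe config key are placeholders (assumptions) to replace with the values from your own export, and the sample realm is constructed.

```python
# Assumptions (not from the Akamai guide): both names below are placeholders.
# Read the real provider ID and config key from your own realm export.
AKAMAI_AUTHENTICATOR = "AKAMAI_MFA_PROVIDER_ID_PLACEHOLDER"
FAIL_SAFE_KEY = "FAIL_SAFE_CONFIG_KEY_PLACEHOLDER"
PASSWORD_FORM = "auth-username-password-form"  # Keycloak's built-in provider ID

def audit_realm(realm, flow_alias="MFA Browser Flow"):
    """Return findings for a realm export dict; an empty list matches the guide."""
    findings = []
    if realm.get("browserFlow") != flow_alias:
        findings.append("browser flow binding is not " + flow_alias)
    flows = {f["alias"]: f for f in realm.get("authenticationFlows", [])}
    forms = flows.get(flow_alias + " forms")
    if forms is None:
        return findings + ["forms sub-flow not found"]
    # Executions run in ascending priority, i.e. top to bottom in the console.
    steps = sorted(forms["authenticationExecutions"], key=lambda e: e.get("priority", 0))
    names = [e.get("authenticator") for e in steps]
    if AKAMAI_AUTHENTICATOR not in names:
        return findings + ["Akamai MFA step missing"]
    mfa = steps[names.index(AKAMAI_AUTHENTICATOR)]
    if mfa.get("requirement") != "REQUIRED":
        findings.append("Akamai MFA step is not Required")
    if PASSWORD_FORM not in names or names.index(AKAMAI_AUTHENTICATOR) < names.index(PASSWORD_FORM):
        findings.append("Akamai MFA step is not below Username Password Form")
    for e in steps:
        if (e.get("flowAlias") or "").endswith("Conditional OTP") and e.get("requirement") != "DISABLED":
            findings.append("Conditional OTP is not Disabled")
    configs = {c["alias"]: c.get("config", {}) for c in realm.get("authenticatorConfig", [])}
    cfg = configs.get(mfa.get("authenticatorConfig"), {})
    # Export files store config values as strings, so compare case-insensitively.
    if str(cfg.get(FAIL_SAFE_KEY, "false")).lower() == "true":
        findings.append("Fail Safe is enabled")
    return findings

# Constructed sample export, trimmed to the fields the audit reads.
GOOD_REALM = {
    "browserFlow": "MFA Browser Flow",
    "authenticationFlows": [{"alias": "MFA Browser Flow forms", "authenticationExecutions": [
        {"authenticator": PASSWORD_FORM, "requirement": "REQUIRED", "priority": 10},
        {"authenticator": AKAMAI_AUTHENTICATOR, "requirement": "REQUIRED", "priority": 15,
         "authenticatorConfig": "Akamai MFA"},
        {"authenticatorFlow": True, "flowAlias": "MFA Browser Flow - Conditional OTP",
         "requirement": "DISABLED", "priority": 20}]}],
    "authenticatorConfig": [{"alias": "Akamai MFA", "config": {FAIL_SAFE_KEY: "false"}}],
}

if __name__ == "__main__":
    print(audit_realm(GOOD_REALM) or "flow matches the guide")
```

A "Fail Safe is enabled" finding is informational: it records that the first factor alone is sufficient whenever Akamai MFA cannot be reached.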