Manage Akamai MFA

Akamai MFA is a multi-factor authentication service that helps organizations establish trust in a user before allowing access to protected applications and resources. It secures remote access for the workforce and protects employee accounts. You can integrate Akamai MFA with your existing identity provider (IdP) to add an extra layer of security to your internal resources. Users are then required to confirm their identity using independent authentication methods.

The steps and diagram below present a conceptual model of the authentication process. For clarity, some traffic flows are not covered.

  1. The user attempts to open a protected enterprise application.

  2. The IdP prompts the user to log in using their corporate credentials.

  3. Upon successful primary authentication, the IdP redirects the user to Akamai MFA for secondary authentication.

  4. Akamai MFA presents the user with a secondary authentication challenge.

  5. The user confirms their identity using the selected secondary authentication method.

  6. After the user’s identity is confirmed, Akamai MFA redirects the user to the IdP.

  7. The IdP redirects the user to the application server.

  8. The user gains access to the application.

[Diagram: conceptual model of the authentication process]

Akamai implements the strongest security methodology for multifactor authentication. This solution supports the U2F/WebAuthn/FIDO2 standards, delivered in a way that's easy to deploy and easy to adopt.

The Akamai MFA navigation menu in Akamai Control Center provides you with capabilities that let you easily set up the Akamai MFA service:

  • Automate your user provisioning process. Using SCIM, Akamai MFA automates user-provisioning workflows, ensuring that changes in your directory are immediately reflected. See user provisioning to learn more about the available provisioning options.

  • Establish seamless IdP integrations. You can easily integrate Akamai MFA with market-leading IdP and identity solutions such as Microsoft Azure, Okta, and EAA IdP to provide a seamless MFA service. With Akamai MFA, you can also protect your Unix SSH and Windows local and remote logins. See manage integrations to learn more about all supported solutions.

  • Provide users with self-service enrollment. Various low-friction self-service methods are provided for end-user enrollment and device registration, reducing the load on administrators. See enroll new users to learn more.

  • Manage access policies. With the Akamai MFA global policy, you can ensure compliance with organizational security standards at the organization level. You can also apply more granular access controls with custom policies that can be assigned on a per-resource basis. Configurable authentication factors let you select the factors that you need for your use case, including phish-proof push, standard push, TOTP, and SMS. See manage policies to learn more.

Akamai MFA also enables you to perform the following maintenance and administrative tasks:

  • Manage users, groups, and devices. The Users and Groups pages provide key information about your users and groups to help you make more informed decisions. See manage users and devices and manage groups to learn more.

  • Provide users with the Akamai phish-proof authentication factor. You can enable FIDO2 security for users and provide them with a strong authentication process via a frictionless push notification. See allowed authentication methods to learn about available secondary authentication factors, and self-enroll your security key to follow the enrollment process that users perform to register their phone security key.

  • Troubleshoot with authentication events reporting. The Authentication events report provides you with a complete set of rich reporting features that keep your administration team informed of authentication events. See manage reports to learn more.

  • Manage enrollment emails. Customize the content of your enrollment emails and monitor emails that were sent to invite new users within the last 30 days. See manage the enrollment emails.

  • Manage configuration changes, including previous deployments and updates that are pending deployment. See deploy configuration changes.