Akamai MFA CLI
Akamai MFA CLI lets you manage your MFA configuration and fetch your Akamai MFA authentication logs using the command-line interface (CLI).
Before you begin
To use Akamai MFA CLI you need:
- Akamai CLI installed
- If you do not have the CLI and are using Homebrew on macOS, run this command:
brew install <<COMPANY_NICKNAME>>
- You may also download OS-specific CLI binaries or a Docker image
- Python 3.7 or greater installed on your system
- Python Package manager (pip) installed on your system
- CLI module for Akamai MFA
To check if you have a working Python with pip installed, run the following commands:
python -–version pip -–version
- To interact with your Akamai MFA configuration, you need valid Akamai MFA EdgeGrid credentials configured via Akamai Control Center. To learn how to set up necessary permissions, see Set up your API credentials to manage your Akamai MFA configuration.
For more information, see Akamai CLI and Akamai MFA CLI GitHub.
Configure and fetch Akamai MFA authentication logs
Follow this procedure to learn how to get access and interact with authentication events data feeds.
-
In the Enterprise Center navigation menu, select Multi-factor Authentication > Integrations.
-
Click Add integration (+).
-
Select Logging, and set the integration name, for example,
cli-mfa
. -
Click and Save and Deploy.
You’ve just generated your API Host, Integration ID, and Signing Key. This data will be available for you on the integration page. Your integration credentials can be copied anytime and used in the following steps to configure the integration settings. -
Copy your Integration ID and Signing Key.
-
Add them both into your
~/.edgerc
file, either in the[default]
section or one of your choice:
[default]
mfa_integration_id = app_12345abcdef
mfa_signing_key = some-random-key
If you are working with multiple tenants, you need to:
- Create another Logging-type integration
- Use newly-generated credentials in each new tenant
- Enter your new credentials into different sections of the
edgerc
file.
As all the log lines are JSON-formatted from the source, there is no need to extract fields separately.
You can now use the CLI to fetch authentication events.
Set up your API credentials to manage your Akamai MFA configuration
Follow this procedure to learn how to get access and interact with your Akamai MFA configuration.
- See Create authentication credentials to learn how to create an API client.
- Create an Akamai MFA API (
/amfa
) client with aREAD-WRITE
orREAD
access level. If you selectREAD
access,cli-mfa
will be only allowed to performGET
operations. - Copy or download the credentials and add them into your
~/.edgerc
file, either in the[default]
section or one of your choice.
Your finished file may look like this:
[default]
client_secret = client-secret-goes-here
host = akab-xxxx.luna.akamaiapis.net
access_token = your-access-token
client_token = your-client-token
You can now use the CLI to manage your Akamai MFA configuration. For example, you can list your Akamai MFA users.
Updated over 1 year ago