Akamai MFA CLI

​Akamai MFA​ CLI lets you manage your MFA configuration and fetch your ​Akamai MFA​ authentication logs using the command-line interface (CLI).

Before you begin

To use ​Akamai MFA​ CLI you need:

  • ​Akamai​ CLI installed
  • If you do not have the CLI and are using Homebrew on macOS, run this command:
    brew install <<COMPANY_NICKNAME>>
  • You may also download OS-specific CLI binaries or a Docker image
  • Python 3.7 or greater installed on your system
  • Python Package manager (pip) installed on your system
  • CLI module for ​Akamai MFA​


To check if you have a working Python with pip installed, run the following commands:

python -–version
pip -–version

For more information, see ​Akamai​ CLI and ​Akamai MFA​ CLI GitHub.

Configure and fetch ​Akamai MFA​ authentication logs

Follow this procedure to learn how to get access and interact with authentication events data feeds.

  1. In the Enterprise Center navigation menu, select Multi-factor Authentication > Integrations.

  2. Click Add integration (+).

  3. Select Logging, and set the integration name, for example, cli-mfa.

  4. Click and Save and Deploy.
    You’ve just generated your API Host, Integration ID, and Signing Key. This data will be available for you on the integration page. Your integration credentials can be copied anytime and used in the following steps to configure the integration settings.

  5. Copy your Integration ID and Signing Key.

  6. Add them both into your ~/.edgerc file, either in the [default] section or one of your choice:

mfa_integration_id = app_12345abcdef
mfa_signing_key = some-random-key

If you are working with multiple tenants, you need to:

  1. Create another Logging-type integration
  2. Use newly-generated credentials in each new tenant
  3. Enter your new credentials into different sections of the edgerc file.

As all the log lines are JSON-formatted from the source, there is no need to extract fields separately.

You can now use the CLI to fetch authentication events.

Set up your API credentials to manage your ​Akamai MFA​ configuration

Follow this procedure to learn how to get access and interact with your ​Akamai MFA​ configuration.

  1. See Create authentication credentials to learn how to create an API client.
  2. Create an ​Akamai MFA​ API (/amfa) client with a READ-WRITE or READ access level. If you select READ access, cli-mfa will be only allowed to perform GET operations.
  3. Copy or download the credentials and add them into your ~/.edgerc file, either in the [default] section or one of your choice.

Your finished file may look like this:

client_secret = client-secret-goes-here
host = akab-xxxx.luna.akamaiapis.net
access_token = your-access-token
client_token = your-client-token

You can now use the CLI to manage your ​Akamai MFA​ configuration. For example, you can list your ​Akamai MFA​ users.