OIDC integration (Limited availability)

This integration uses OIDC (OpenID Connect), an identity layer built on OAuth 2.0 that provides standardized authentication and single sign-on (SSO) for web and mobile applications.

Note: This integration is currently in limited availability. To learn more, contact your Akamai account representative.

With the OIDC integration, you connect your identity provider (IdP) with Akamai MFA to give users two-factor authentication. First, the user authenticates to your IdP, for example with a username and password. Next, the user confirms that the login is legitimate with one of the Akamai MFA second factors.

Supported enrollment types:

  • Email enrollment
  • In-line enrollment

Supported secondary authentication methods:

  • Bypass code
  • Magic link
  • Email or SMS OTP
  • Hardware token TOTP/HOTP
  • Phone call
  • Phone security key
  • Push notification
  • Akamai MFA TOTP
  • Third-party OTP devices
  • WebAuthn/FIDO2 security key

Add an OIDC integration

Follow this procedure to generate the credentials, keys, and secrets for a custom OIDC integration.

  1. Configure your Akamai MFA integration and generate your integration credentials, keys, and secrets:

    a. In the Enterprise Center navigation menu, select Multi-factor Authentication > Integrations.
    b. Click Add Integration (+).
    c. In Integration Type, select OIDC.
    d. In Name, enter a unique integration name.
    e. In Algorithm, select RS256, ES256, or HS256. HS256 signs with a shared secret that both Akamai MFA and your application must protect; RS256 and ES256 sign with an asymmetric key pair, so your application verifies signatures with a public key.
  2. Click Save and Deploy.
    Akamai MFA generates your Signing Key and Client Secret (HS256 only), and your Public Key and Discovery URL (RS256 and ES256 only). These values are shown on the integration page and can be copied at any time to integrate Akamai MFA with your OIDC application. Treat the Signing Key and Client Secret as credentials: keep them in your application's secret store, not in source control or logs.

  3. Your OIDC integration page includes the following:

    a. Integration ID. A unique identifier for your OIDC integration with Akamai MFA.
    b. Signing Key (HS256 only). The symmetric HMAC key used to sign authentication requests. Because HS256 verifies with the same key it signs with, the key must stay secret on both sides.
    c. Client Secret (HS256 only). A secret your OIDC application presents to Akamai MFA when it exchanges the authorization code for the ID token.
    d. Public Key (RS256 and ES256 only). A public key used by Akamai MFA to verify the signature on authentication requests. HS256 is a symmetric scheme and has no public key.
    e. Discovery URL (RS256 and ES256 only). The OIDC discovery document, which lists the issuer, endpoints, and signing keys your application needs to configure itself and authenticate users.
    f. API Host. The Akamai MFA endpoint to which your application sends OIDC authentication requests.
    g. Token validity. The lifetime, in seconds, of the ID tokens Akamai MFA issues. The maximum is 600 seconds. Keep it short: an ID token is a bearer credential, and your application must still reject any token whose exp claim has passed.
    h. Enforce HTTPS. Require the https scheme for the authorized URLs. Leave this enabled, since authorization codes and ID tokens travel over these redirects.
    i. Username normalization. With username normalization enabled, different username variations (DOMAIN\username, username@domain, and username) are matched to the same user record in Akamai MFA. See Apply username normalization to learn more.
    j. Authorized URLs. The allowlist of URLs from which authentication requests are accepted. Add a URL by clicking Add URL and specifying its Scheme, Hostname/IP, and Port. Register only your application's own scheme, hostname, and port; every entry you add is a location Akamai MFA trusts to start an authentication.
  4. In your application, enter the Akamai MFA Signing Key, Client Secret, Public Key, API Host, and/or Discovery URL that you generated.

    You've just configured an OIDC integration between your identity solution and Akamai MFA.
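After step 4, your application receives an ID token from Akamai MFA at the end of the authorization code exchange, and it must validate that token before trusting the second factor. The following is an added example, not Akamai's code or part of this page: a standard-library Python verifier for an HS256 integration that pins the algorithm, checks the HMAC signature, and enforces issuer, audience, nonce, expiry, and the 600-second Token validity bound described above. It assumes, as OIDC Core specifies for HS256, that the ID token is keyed with the Client Secret; confirm which value your integration uses. The issuer, integration ID, secret, and token contents are constructed placeholders, and the `mint_id_token` helper exists only to fabricate tokens for the demo.

```python
"""Verify an HS256-signed OIDC ID token using only the Python standard library."""
import base64
import hashlib
import hmac
import json
import time

# Constructed placeholders for this example. On a real integration these come
# from the Akamai MFA integration page and its discovery document.
CLIENT_SECRET = b"constructed-example-client-secret"
INTEGRATION_ID = "constructed-integration-id"      # used as the client_id / aud
EXPECTED_ISSUER = "https://mfa.example.invalid"    # assumed issuer value
MAX_TOKEN_VALIDITY = 600   # seconds: the page's upper bound for Token validity
CLOCK_SKEW = 30            # tolerated clock drift in seconds (an assumption)


class TokenError(ValueError):
    """Raised when the ID token must be rejected."""


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """Build a compact JWS. Demo-only: the real ID token comes from Akamai MFA."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode()
    # alg "none" yields an empty signature, which the verifier must refuse.
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest() if alg == "HS256" else b""
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_id_token(token: str, secret: bytes, issuer: str, client_id: str,
                    expected_nonce: str, now=None) -> dict:
    """Return the claims if the token is acceptable, otherwise raise TokenError."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("token is not a compact JWS")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm the integration was created with. Selecting the verifier
    # from the untrusted header enables alg=none and key-confusion attacks.
    if header.get("alg") != "HS256":
        raise TokenError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise TokenError("signature mismatch")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != issuer:
        raise TokenError("issuer mismatch")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        raise TokenError("token was not issued for this client")
    if len(audiences) > 1 and claims.get("azp") != client_id:
        raise TokenError("multiple audiences without a matching azp")
    exp, iat = claims.get("exp"), claims.get("iat")
    if not isinstance(exp, (int, float)) or not isinstance(iat, (int, float)):
        raise TokenError("exp and iat are required")
    if now > exp + CLOCK_SKEW:
        raise TokenError("token expired")
    if iat > now + CLOCK_SKEW:
        raise TokenError("token issued in the future")
    if exp - iat > MAX_TOKEN_VALIDITY:
        raise TokenError("token lifetime exceeds the configured maximum")
    if claims.get("nonce") != expected_nonce:
        raise TokenError("nonce mismatch")
    return claims


def demo() -> dict:
    """Verify a good token, then show each check rejecting a bad one."""
    now = 1_700_000_000
    nonce = "constructed-nonce-4f2a"
    good_claims = {"iss": EXPECTED_ISSUER, "sub": "alice@example.invalid",
                   "aud": INTEGRATION_ID, "iat": now, "exp": now + 300, "nonce": nonce}
    good = mint_id_token(good_claims, CLIENT_SECRET)
    results = {"valid": verify_id_token(good, CLIENT_SECRET, EXPECTED_ISSUER,
                                        INTEGRATION_ID, nonce, now)["sub"]}
    bad = {
        "alg_none": mint_id_token(good_claims, b"", alg="none"),
        "wrong_secret": mint_id_token(good_claims, b"attacker-guess"),
        "expired": mint_id_token({**good_claims, "iat": now - 900, "exp": now - 600}, CLIENT_SECRET),
        "too_long": mint_id_token({**good_claims, "exp": now + 3600}, CLIENT_SECRET),
        "wrong_aud": mint_id_token({**good_claims, "aud": "some-other-client"}, CLIENT_SECRET),
        "wrong_nonce": mint_id_token({**good_claims, "nonce": "stale"}, CLIENT_SECRET),
    }
    for name, token in bad.items():
        try:
            verify_id_token(token, CLIENT_SECRET, EXPECTED_ISSUER, INTEGRATION_ID, nonce, now)
            results[name] = "ACCEPTED (verifier bug)"
        except TokenError as err:
            results[name] = f"rejected: {err}"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:12s} {outcome}")
```

The nonce check is what ties the ID token to the authorization request your application started: generate a fresh random nonce per login, keep it in the server-side session, and compare it here. For an RS256 or ES256 integration the same claim checks apply; only the signature step changes, using the Public Key (or the keys published through the Discovery URL) with a signature library instead of `hmac`.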