Okta

If you're using Okta as your identity management platform, you can integrate it with Akamai MFA to provide two sources of validation for your on-premises, mobile, and third-party cloud applications.

With this integration, users have to authenticate first with Okta, and then they are redirected to ​Akamai MFA​ for secondary verification.

The following steps and diagram present a conceptual model of the authentication process. For clarity, some traffic flows are not covered.

📘 This authentication process refers to users who are enrolled in Akamai MFA.

  1. The user attempts to access the protected enterprise application.

  2. The user is prompted to log in using their credentials.

  3. Upon successful authentication, Okta redirects the user to ​Akamai MFA​.

  4. ​Akamai MFA​ challenges the user with secondary authentication.

  5. The user confirms their identity using the selected secondary authentication method.

  6. ​Akamai MFA​ redirects the user to Okta.

  7. Okta redirects the user to the application server.

  8. The user gains access to the application.

[Diagram: ag-okta-diagram]

Prerequisites

Add Okta integration

Follow this procedure to generate the security components that you supply to your Okta tenant and that later enable communication between Akamai MFA and Okta.

  1. In the Enterprise Center navigation menu, select Multi-factor Authentication > Integrations.

  2. Click Add Integration (+).

  3. In Integration Type, select Okta.

  4. In Name, enter a unique name for your Okta integration.

  5. Click Save and Deploy.
    You’ve just generated your Issuer URI, SSO URL, and Certificate. This data will be available for you on the integration page. Your integration credentials can be copied anytime and used to configure the integration in the Okta Admin portal.

Configure ​Akamai MFA​ in Okta

Follow these steps to configure Akamai MFA in the Okta admin console. With this configuration, you enable a connection between Akamai MFA and Okta via the SAML protocol.

  1. Log in to your Okta account at https://<your tenant name>.okta.com. Click Admin to get into your administrator console.

  2. Go to Security > Identity Providers.

  3. Click Add Identity Provider and select Add SAML 2.0 IdP.
    The Add Identity Provider page opens.

  4. In General settings, enter the ​Akamai MFA​ integration name.

  5. In Authentication settings, select Factor only in IdP Usage.

  6. In SAML protocol settings, paste the data copied from the Akamai MFA integration page: Issuer URI, SSO URL, Certificate.

  7. Click Add Identity Provider.

  8. On the Identity Providers page, navigate to the newly created IdP and click the arrow next to its name to unfold the data. Click Download metadata.

  9. Go back to Akamai MFA, and in Okta SP Settings, click Provision.

  10. In the Upload Okta Metadata dialog, click Metadata (the orange folder icon), select the metadata.xml file that you previously downloaded, and click Open. When the metadata displays in Metadata Content, click Upload to confirm.
    The uploaded metadata appears in the Okta SP Settings section.

  11. Go back to the Okta portal.

  12. Go to Security > Multi-factor.

  13. Click IdP Factor.
    The IdP Factor page opens.

  14. Select your newly added IdP from the list and click Save.

  15. To enable the IdP Factor, click Active.
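
A pre-upload check for the metadata.xml file handled in steps 8 to 10, as an added example that is not Akamai's or Okta's code: it parses the SAML SP metadata, rejects DTD content, and confirms that every assertion consumer endpoint is HTTPS on your own Okta tenant host. The sample metadata, the host `example-tenant.okta.com`, the IDs and the certificate bytes are constructed placeholders, and `inspect_sp_metadata` is a hypothetical helper name.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: tenant host, IDs and "certificate" bytes are placeholders,
# not values from a real Okta tenant and not a real X.509 certificate.
SAMPLE_CERT_DER = b"constructed-placeholder-not-a-real-certificate"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://www.okta.com/saml2/service-provider/spEXAMPLE">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(SAMPLE_CERT_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example-tenant.okta.com/sso/saml2/0oaEXAMPLE"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def inspect_sp_metadata(xml_text, expected_host):
    """Return (summary, problems) for a SAML 2.0 SP metadata document."""
    # SAML metadata has no use for DTDs; refuse them before the parser sees them.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration found in metadata")
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor" or sp is None:
        raise ValueError("not SAML 2.0 SP metadata")
    problems = []
    acs = [a.get("Location", "") for a in sp.findall("md:AssertionConsumerService", NS)]
    if not acs:
        problems.append("no AssertionConsumerService endpoint")
    for location in acs:
        url = urlparse(location)
        if url.scheme != "https":
            problems.append(f"ACS endpoint is not HTTPS: {location}")
        if url.hostname != expected_host:
            problems.append(f"ACS host {url.hostname} is not {expected_host}")
    # SHA-256 over the decoded certificate bytes, for comparison out of band.
    certs = [base64.b64decode("".join(c.text.split()))
             for c in sp.findall(".//ds:X509Certificate", NS) if c.text]
    summary = {"entity_id": root.get("entityID"), "acs": acs,
               "cert_sha256": [hashlib.sha256(d).hexdigest() for d in certs]}
    return summary, problems
```

Run it on the downloaded metadata.xml with your tenant host before the upload in step 10; any entry in `problems` means the file should not be uploaded as is.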

Test your configuration

Follow these steps to create a group of testers and add a policy describing the sign-on rules. With those settings, you can check how your newly created integration works.

Testing your setup allows you to experience the end users' authentication process.

📘 This step is optional.

Create a group for test users

  1. Log in to Okta Portal as an administrator.

  2. Go to Directory > Groups.

  3. Click Add Group.

  4. Enter Group name and click Add Group.

Create users

  1. Log in to Okta Portal as an administrator.

  2. Go to Directory > People.

  3. Click Add Person.

  4. Fill in the required fields and click Save, or click Save and Add Another to continue adding test users.

Create a policy

  1. Log in to Okta Portal as an administrator.

  2. Go to Security > Authentication.

  3. Click Sign On.

  4. Click Add New Okta Sign-On Policy.

  5. Add Policy Name and assign the previously created group.

  6. Click Create Policy and Add Rule.

Add a rule

  1. Set rule conditions. Remember to select Prompt for Factor to activate the secondary authentication. See an example of the authentication rule below.

  2. Click Create Rule.
    Now that you added testers and set the authentication policy, you can start testing your setup.

Test your setup

  1. Use test user credentials to log in to Okta Portal.

  2. You're immediately informed about the secondary authentication factor and prompted to self-enroll. Click Configure factor.

  3. Click Enroll to configure the secondary authentication factor.

  4. You are redirected to the ​Akamai MFA​ mobile app. Click Enroll a Device to start the self-enrollment process.

See For Users to learn about the details of the self-enrollment process in the service.

