If you're using Okta as your identity management platform, you can integrate it with ​Akamai MFA​ to provide two sources of validation for your on-premises, mobile and third-party cloud application.

With this integration, users have to authenticate first with Okta, and then they are redirected to ​Akamai MFA​ for secondary verification.

See this diagram that presents a conceptual model of the authentication process. For clarity reasons, some traffic flows are not covered.

📘

This authentication process refers to users who are enrolled in ​Akamai MFA​.

1. The user attempts to access the protected enterprise application.

2. The user is prompted to log in using their credentials.

3. Upon successful authentication, Okta redirects the user to ​Akamai MFA​.

4. ​Akamai MFA​ challenges the user with secondary authentication.

5. The user confirms their identity using the selected secondary authentication method.

6. ​Akamai MFA​ redirects the user to Okta.

7. Okta redirects the user to the application server.

8. The user gains access to the application.

Prerequisites

• Sign up for an Okta account.

• IdP factor authentication Okta's early access feature is used as the integration point. Contact Okta to enable this capability.

Add Okta integration

Follow this procedure to generate the security components to supply your Okta tenant and, later, enable the communication between ​Akamai MFA​ and Okta.

1. In the Enterprise Center navigation menu, select Multi-factor Authentication > Integrations.

2. Click Add Integration (+).

3. In Integration Type, select Okta.

4. In Name, enter a unique name for your Okta integration.

5. Click Save and Deploy.
   You’ve just generated your Issuer URI, SSO URL, and Certificate. This data will be available for you on the integration page. Your integration credentials can be copied anytime and used to configure the integration in the Okta Admin portal.

Configure ​Akamai MFA​ in Okta

Follow these steps to configure ​Akamai MFA​ in the Okta admin console. With this configuration, you enable a connection between ​Akamai MFA​ and Okta via SAML protocol.

1. Log in to your Okta account at https://<your tenant name>.okta.com. Click Admin to get into your administrator console.

2. Go to Security > Identity Providers.

3. Click Add identity provider, select SAML 2.0 IdP, and click Next.
   The Configure SAML 2.0 IdP page opens.

4. In General settings, enter the ​Akamai MFA​ integration name.

5. In Authentication settings, select Factor only in IdP Usage.

6. In SAML protocol settings, paste the data copied from ​Akamai MFA​ integration page: Issuer URI, SSO URL, Certificate.

7. Click Finish.

8. On the Edit IdP page, navigate to Summary and click Download metadata.

9. Go back to the Okta integration in ​Akamai Control Center​, and in Okta SP Settings click Provision.

10. In the Upload Okta Metadata dialog, click Metadata (the orange folder icon), and select the metadata.xml file that you previously downloaded by clicking Upload. When metadata displays in Metadata Content, click Upload to confirm.
    The uploaded metadata appears in the Okta SP Settings section.

11. Go back to the Okta portal.

12. Go to Security > Multifactor.

13. Click IdP Factor.
    The IdP Factor page opens.

14. Select your newly added IdP from the list and click Save.

15. To enable the IdP Factor, click Active.

Test your configuration

Follow these steps to create a group of testers and add a policy describing the sign-on rules. With those settings, you can check how your newly created integration works.

Testing your setup allows you to experience the end users' authentication process.

📘

This step is optional.

Create a group for test users

1. Log in to Okta Portal as an administrator.

2. Go to Directory > Groups.

3. Click Add Group.

4. Enter Group name and click Add Group.

Create users

1. Log in to Okta Portal as administrator.

2. Go to Directory > People.

3. Click Add Person.

4. Fill in obligatory fields and click Save or Save and Add Another to continue adding test users.

Create a policy

1. Log in to Okta Portal as an administrator.

2. Go to Security > Authentication.

3. Click Sign On.

4. Click Add New Okta Sign-On Policy.

5. Add Policy Name and assign the previously created group.

6. Click Create Policy and Add Rule.

Add a rule

1. Set rule conditions. Remember to select Required in Multifactor authentication (MFA) is to activate secondary authentication.

2. Click Create Rule.
   Now that you added testers and set the authentication policy, you can start testing your setup.

📘

To learn more about setting up Okta sign-on policies and rules, see Configure an Okta sign-on policy in Okta documentation.

To learn how to configure an app sign-on policy, see Configure an app sign-on policy in Okta documentation. When setting up your app sign-on policy, make sure to select Prompt for factor to activate secondary authentication.

Test your setup

1. Use test user credentials to log in to Okta Portal.

2. Immediately you're informed about the secondary authentication factor and prompted to self-enroll. Click Configure factor.

3. Click Enroll to configure the secondary authentication factor.

4. You are redirected to the ​Akamai MFA​ mobile app. Click Enroll a Device to start the self-enrollment process.

See For Users to learn about the details of the self-enrollment process in the service.