PingOne DaVinci

This integration lets you use Akamai MFA in your PingOne DaVinci flow.

Add an OIDC integration

Follow this procedure to create an OIDC integration that enables communication between Akamai MFA and PingOne DaVinci.

  1. Configure your Akamai MFA integration and generate your integration credentials, keys, and secrets:
    1. In the Akamai Control Center, navigate to the Enterprise Center.
    2. In the Enterprise Center navigation menu, select Multi-factor Authentication > Integrations.
    3. Click Add Integration (+).
    4. In Integration Type, select OIDC.
    5. In Name, enter a unique name for your integration.
    6. In Algorithm, select HS256.
    7. Click Save and Deploy.
      You’ve just generated your Signing Key, Client Secret, and Public Key. This data will be available for you on the integration page. Your MFA credentials can be copied anytime and used to set up an Akamai MFA connector for use with your PingOne DaVinci flow.
  2. The OIDC integration page provides the following information:
    1. Integration ID. A unique identifier for your OIDC integration with Akamai MFA.
    2. Signing Key. A private key for signing authentication requests.
    3. Client Secret. A secret key used to authenticate your OIDC application with Akamai MFA during the exchange of the authorization code to get the ID token.
    4. Public Key. A public key used by Akamai MFA to verify the signature on authentication requests.
    5. API Host. The Akamai MFA endpoint where your application sends OIDC authentication requests.
    6. Token validity. The duration in seconds for which ID tokens are considered valid. The maximum value is 600 seconds.
    7. Enforce HTTPS.
    8. Username normalization. With the username normalization enabled, you can allow different username variations - DOMAIN\username, username@domain, and username - to be matched with the same user record in Akamai MFA. See Apply username normalization to learn more.
    9. Authorized URLs. The list of URLs from which authentication requests are accepted. You can add a URL by clicking Add URL and specifying its Scheme, Hostname/IP, and Port.

Set up the Akamai MFA connector in PingOne DaVinci

  1. In the Ping Identity DaVinci console, go to Connectors and add an Akamai MFA connector. Refer to the Ping Identity documentation to learn how to add a connector.
  2. Click the name of the Akamai MFA connector you created and configure the connector as follows:
    1. Auth Endpoint. https://mfa.akamai.com/api/v1/idp/oidc/authorize
    2. Token Endpoint. https://mfa.akamai.com/api/v1/idp/oidc/token
    3. UserInfo Endpoint. https://mfa.akamai.com/api/v1/idp/oidc/token
    4. Integration ID. Your Akamai MFA OIDC integration ID. You can find it on your OIDC integration’s page in Enterprise Center.
    5. Client Secret. Your Akamai MFA OIDC integration client secret. You can find it on your OIDC integration’s page in Enterprise Center.
    6. Signing Key. Your Akamai MFA OIDC integration signing key. You can find it on your OIDC integration’s page in Enterprise Center.
    7. Scope. openid
    8. Application Redirect URL. Enter the URL of your application if you embed the DaVinci widget in your application.

Add Akamai MFA to your DaVinci flow

  1. In the Ping Identity DaVinci console, go to Flows, click the name of the flow you’d like to update, and add the Akamai MFA connector you created to the authentication flow. Refer to Creating an authentication flow and How to create a flow in Ping Identity documentation to learn how to create an authentication flow.
  2. In your flow, add the Akamai MFA connector after the first factor authentication step. Your flow may look something like the following demo flow:

  3. Click Try Flow to launch a test run of your updated flow.