Self-enroll your security key

Akamai MFA supports the FIDO2 (WebAuthn) and U2F standards for strong cryptographic authentication. It works with 4 types of authenticators:

  1. U2F-only devices, for example, security keys.

  2. FIDO2 devices, for example, security keys.

  3. Platform authenticators that are built into the OS and browsers:

    • OS. For example, Touch ID on macOS and Windows Hello on Windows.

    • Browser. Platform authenticators built into the Safari browser on macOS and iOS, and Chrome on Android and Windows desktop devices.

  4. ​Akamai​ phone security key. This solution uses the ​Akamai MFA​ mobile app running on iOS or Android devices (the same app that is used to receive regular push notifications) paired with the browser.

A security key is a cryptographic hardware device (like a Yubikey USB token or an iPhone using Apple's secure enclave) that securely connects to your computer either via USB, Bluetooth, or even over the network. This solution, which is also called a roaming authenticator, can be used for authentication purposes on multiple platforms, for example, PCs, laptops, tablets, or phones.

Akamai MFA also supports the phone security key, which lets you link your smartphone to a specific browser and create a cryptographically secure channel of communication between the two. With this solution, you enable the Akamai MFA mobile app on your mobile device to generate your private/public key pair, store it, and use it to authenticate your access to protected resources. The phone security key is also a roaming authenticator and can be paired with multiple platforms. You may only need to install multiple browser extensions if you're using different browsers to access different web applications.

Two components of the ​Akamai MFA​ phone security key solution and their roles in the authentication process are the following:

  • The Akamai MFA mobile app. Install the app on your Android device or iPhone. The app generates a private/public key pair and stores your private key on your smartphone. During the enrollment process, you have to pair your phone with the browser by scanning the QR code. This lets you transmit the browser's public key to the app. The browser's public key together with the app's public key is transmitted to the browser via the Internet, which lets you establish a secure channel of communication between the app and the browser. This also turns your smartphone into a highly secure authenticator.

  • The browser. Depending on the policy configuration, you may select from the following options to pair your browser with the mobile app:

    • Use the ​Akamai MFA​ browser extension. Install one or multiple browser extensions on your computer. The extension discovers any paired authenticators and enables communication between the browser and the ​Akamai MFA​ mobile app. The browser extension securely communicates the origin of the page you're on (the domain) to the mobile app. It forwards security key signing requests to the ​Akamai MFA​ mobile app on your phone which, upon approval, returns the signature back to the web page for authentication.
    • Use the extensionless flow. If enabled by your administrator in the MFA policy, this lets you pair your mobile app with the browser without the extension.
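
The origin and signature handling described above is what makes a FIDO2 security key resistant to look-alike sites. The following added example is not Akamai code and does not model the Akamai pairing channel; it shows the standard WebAuthn checks a service runs on a returned signature. The function names, origins, RP ID and challenge are assumptions constructed for the illustration.

```javascript
// Added example (not Akamai code): relying-party checks on a WebAuthn assertion.
const { createHash, generateKeyPairSync, sign, verify } = require('node:crypto');
const sha256 = (data) => createHash('sha256').update(data).digest();

// Authenticator side: sign authenticatorData || SHA-256(clientDataJSON).
function signAssertion(privateKey, rpId, clientData) {
  const clientDataJSON = Buffer.from(JSON.stringify(clientData));
  const authData = Buffer.alloc(37);
  sha256(rpId).copy(authData, 0); // bytes 0-31: SHA-256 of the RP ID
  authData[32] = 0x01;            // byte 32: flags, user present (UP)
  authData.writeUInt32BE(1, 33);  // bytes 33-36: signature counter
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: sign('sha256', signed, privateKey) };
}

// Relying-party side: returns 'ok' or the reason the assertion is rejected.
function verifyAssertion(a, expected, publicKey) {
  const c = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (c.type !== 'webauthn.get') return 'wrong type';
  if (c.challenge !== expected.challenge) return 'challenge mismatch';
  if (c.origin !== expected.origin) return 'origin mismatch';
  if (!a.authData.subarray(0, 32).equals(sha256(expected.rpId))) return 'rpId mismatch';
  if ((a.authData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad signature';
}

// Constructed inputs: hypothetical origins, RP ID and challenge.
function demo() {
  const { privateKey, publicKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const expected = { origin: 'https://app.example.com', rpId: 'example.com', challenge: 'Y29uc3RydWN0ZWQ' };
  const data = (origin) => ({ type: 'webauthn.get', challenge: expected.challenge, origin });
  const genuine = signAssertion(privateKey, expected.rpId, data(expected.origin));
  // Signed while the browser reported a different origin than the one enrolled.
  const other = signAssertion(privateKey, expected.rpId, data('https://app.example.net'));
  // Same signature, but clientDataJSON swapped for the genuine one after signing.
  const rewritten = { ...other, clientDataJSON: genuine.clientDataJSON };
  return {
    genuine: verifyAssertion(genuine, expected, publicKey),
    otherOrigin: verifyAssertion(other, expected, publicKey),
    rewritten: verifyAssertion(rewritten, expected, publicKey),
  };
}

console.log(demo());
```

Because the origin is part of the signed data, a signature produced for one origin cannot be relabelled as belonging to another.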

Self-enroll your FIDO2 Phone Security Key without the browser extension

Enroll your Phone Security Key in the ​​Akamai MFA​ service. With this setup, you can use your smartphone to respond to authentication challenges and obtain access to protected applications and resources.

The following are the minimum browser versions that support FIDO2 Phone Security Key without the browser extension:

  • Chrome 88
  • Edge 88
  • Firefox 42
  • Safari 14.0.3 (macOS 10.14 or later)

Before you begin

To enroll your phone security key in the ​Akamai MFA​ service, you need to install the ​Akamai MFA​ app on your device. On your smartphone, download the ​​Akamai MFA​​ app from the App Store (for iPhone) or Google Play Store (for Android).

How to

To learn how to access the ​​Akamai MFA​ device enrollment page, see Self-enroll in Akamai MFA.

  1. When you are redirected to ​​Akamai MFA​ on your computer, in the Set up Multifactor Authentication dialog, click Enroll a Device.

  2. In Select a device to enroll, click ​Akamai MFA​.

  3. On your smartphone, open the ​Akamai MFA​ app.

  4. In Set up Multifactor Authentication, scan the QR code with your ​Akamai MFA​ app or enter the code manually.

    Your smart device is now enrolled and paired with the browser. You can respond to future authentication requests by clicking Use Security Key in the authentication prompt dialog.

Self-enroll your physical security key or your FIDO2 Phone Security Key with the browser extension

Enroll your Phone Security Key in the ​​Akamai MFA​ service. With this setup, you can use your smartphone to respond to authentication challenges and obtain access to protected applications and resources.

The following are the minimum browser versions that support FIDO2 Phone Security Key with the browser extension:

  • Chrome 88
  • Edge 88
  • Firefox 42
  • Safari 14.0.3 (macOS 10.14 or later)

Before you begin

To enroll your FIDO2 Phone Security Key in the Akamai MFA service, follow these steps:

  1. On your smartphone, download the Akamai MFA app from the App Store (for iPhone) or Google Play Store (for Android).

If the ​Akamai MFA​ app download and install from Google Play Store on your mobile device is taking longer than normal, go to Settings > Apps and make sure you have no pending installations or updates. If there are any pending installations, either cancel them or wait for them to complete. This will let you proceed and complete the installation of the ​Akamai MFA​ mobile app.

  2. On your computer, download the Chrome, Microsoft Edge, Firefox or Safari browser extension for Akamai MFA. Depending on the browser that you use, follow these instructions:

    • For the Chrome extension:

      i. Go to the ​Akamai MFA​ extension page and click Add to Chrome.

      ii. In the Add ​Akamai MFA​ dialog, click Add extension.

      A dialog with the QR code displays on your computer.

      iii. To pair your mobile device with the browser, open the ​Akamai MFA​ app on your mobile device, scan the QR code, and click Pair.

      A banner displays on your computer confirming that you've successfully paired your smartphone with the browser.

      Now, you can configure the extension's settings.

      iv. In Chrome, go to > More tools > Extensions > Find ​Akamai MFA​ and click Details.

      v. To enable the extension on all sites, on the ​Akamai MFA​ extension page, in Site access, select On all sites.

      vi. To enable the ​Akamai MFA​ browser extension also for your sessions in the incognito mode, enable the Allow in incognito option.

    To learn more about Chrome extensions, see Install and manage extensions.

    • For the Microsoft Edge extension:

      i. Go to the ​Akamai MFA​ extension page.

      ii. Click Allow extensions from other stores in the banner at the top of the page.

      iii. Click Allow to confirm.

      iv. Click Add to Chrome.

      v. In the Add ​Akamai MFA​ dialog, click Add extension.

      A dialog with the QR code displays on your computer.

      vi. To pair your mobile device with the browser, open the ​Akamai MFA​ app on your mobile device, scan the QR code, and click Pair.

      A banner displays on your computer confirming that you've successfully paired your smartphone with the browser.

      Now, you can configure the extension's settings.

      vii. In Microsoft Edge, go to ••• > Extensions > Manage extensions > Find ​Akamai MFA​ on the list and click Details.

      viii. To enable the extension on all sites, on the ​Akamai MFA​ extension page, in Site access, select On all sites.

      ix. To enable the ​Akamai MFA​ browser extension also for your sessions in the incognito mode, enable the Allow in InPrivate option.

    To learn more about Chrome extensions, see Install and manage extensions.

    • For the Firefox extension:

      i. Go to the ​Akamai MFA​ extension and click Add to Firefox (+).

      ii. In the Add ​Akamai MFA​ dialog, click Add.

      A dialog with the QR code displays on your computer.

      iii. To pair your mobile device with the browser, open the ​Akamai MFA​ app on your mobile device, scan the QR code, and click Pair.

      A banner displays on your computer confirming that you've successfully paired your smartphone with the browser.

      Now, you can configure the extension's settings.

      iv. Go to Firefox > Add-ons > Manage your extensions.

      v. To enable the ​Akamai MFA​ browser extension also for your sessions in the incognito mode, in Run in Private Windows, select Allow.

    To learn more about Firefox extensions, see Manage add-ons.

    • For the Safari extension:

      i. Go to the ​Akamai MFA​ extension page.

      ii. Click Install.

      You may be asked to enter your administrative password.

      A dialog with the QR code displays on your computer.

      iii. To pair your mobile device with the browser, open the ​Akamai MFA​ app on your mobile device, scan the QR code, and click Pair.

      A banner displays on your computer confirming that you've successfully paired your smartphone with the browser.

      Now, you can configure the extension's settings.

      iv. Go to Safari > Preferences > Extensions.

      v. To enable the extension, check the box next to ​Akamai MFA​ in the left sidebar.

      vi. To enable the extension on all sites, click Always Allow on Every Website.

      vii. To enable the ​Akamai MFA​ browser extension also for your sessions in the incognito mode, click Allow Private Browsing.

    To learn more about Safari extensions, see Get extensions.

After you pair your phone with the selected browser, you can follow these steps to enroll your phone or physical security key in the ​Akamai MFA​ service.

How to

To learn how to access the ​Akamai MFA​ device enrollment page, see Self-enroll in Akamai MFA.

  1. When you are redirected to ​Akamai MFA​ on your computer, in the Set up Multi-factor Authentication dialog, click Enroll a device.

  2. In Select a device to enroll, click Security Key.

  3. Depending on the security key type that you're using, do the following:

    • If you're using the hardware security key, insert it into the USB port of your computer.

    • If you're using the phone security key, place your smartphone close to your computer.

  4. In Connect a hardware security key or use the ​Akamai MFA​ mobile app, enter the security key's name, and click Add.

  5. When ​Akamai MFA​ connects with your security key, you receive a registration request on your smartphone. Click Allow to confirm your identity.

    A confirmation message displays on your computer screen.

    Now that you registered your security key as your authenticator, you can start using it to respond to authentication challenges.