This section contains the ‚ÄčAkamai MFA‚Äč User API concepts that this API makes available in its URL resources and data:

  • User. Specifies a user account for an individual accessing enterprise applications. Each user is identified by the userId. You can add and manage user accounts manually or import them from external directory services. You can also assign a specific user account to only one hardware token, and a set of groups and policies.
    See Manage users and devices to learn more.

  • Group. Specifies a collection of user accounts that share the same set of access privileges. Each group is identified by the groupId. You can assign one or multiple groups to a user to manage access privileges to distinct applications on the group level.
    See Manage groups to learn more.

  • Device. A trusted mobile device that is associated with the user account. Each device is identified by the deviceId. The user uses the device to confirm their identity and get access to protected applications.

  • Disable a device. You can deactivate a user‚Äôs device that poses a threat to your data or if it remains inactive. The user whose device is disabled can‚Äôt use it to confirm their identity.

  • Enable a device. This action lets you activate a device that was previously inactive in the ‚ÄčAkamai MFA‚Äč service. The user whose device is enabled can use it to confirm their identity and get access to protected applications.

  • Enrollment. Describes the way that new user accounts are set up in the service. This API lets you invite new users by sending them enrollment emails.
    See Enroll new users to learn more about all supported enrollment methods.

  • Enrollment email. An email containing the enrollment link that is sent to new users to invite them to the ‚ÄčAkamai MFA‚Äč service. The user clicks the link and follows the on-screen instructions to self-enroll and activate the authentication device.

  • Bypass code. A backup authentication method that lets you generate a temporary authentication code for a specific user. With the bypass code, you can enable the user to authenticate when, for example, they want to enroll a new device in the service or their enrolled trusted device was misplaced. Each bypass code is identified by the bypassCodeId.

  • Hardware token. One of the authentication second factors supported by ‚ÄčAkamai MFA‚Äč. A hardware token is a security device that generates one-time passcodes used by users to authenticate. To assign a hardware token, you need its serial number. You can assign one hardware token per user. Each hardware token is identified by the deviceId.

  • Policy. A policy is a set of rules that defines how ‚ÄčAkamai MFA‚Äč handles users trying to access protected applications. With policies, you can create access control rules to allow or deny access to an application or multiple applications under certain conditions. You can assign one or multiple policies to a user. Each policy is identified by the policyId.
    See Manage policies to learn more about policies.