Block and unblock users from accessing applications

Learn to quickly block or unblock users from accessing applications.

EAA maintains session information like username, time of log in, browser used along with single sign-on (SSO). These attributes are kept till the session expires or the user logs out. There is no way for the administrator to clear this information even if the contract has expired, until the session timeout expires.

With this feature, the EAA identity administrator with Gmbo UI - IdP Admin permissions (see Role-based access control for EAA administrators) , can block users or terminate users sessions from accessing applications associated with an identity provider much faster. This is useful when the user has lost his credentials, left the organization, user’s hardware like MFA token is lost, or you want to block a user or multiple users from an application temporarily. After the situation is resolved, access can be granted.

After the admin blocks users, syncing to the directory happens every five minutes. If the user has any open sessions, they will be terminated in a five to ten minute window, depending on the log in time.

You can block a user, some users, or all users from an Akamai identity provider or third party identity providers like Okta and Azure.

When the administrator blocks a user on an identity provider (IdP). The user is blocked from accessing the applications since he cannot authenticate with his login credentials using that IdP. But, if the organization has another IdP that provides access to other applications, the same user will be allowed to access those applications. So blocking of the user happens only per IdP and not the entire Akamai cloud directory or LDAP.

If the blocked user is accessing client applications using EAA Client, the end user is immediately logged out.