Enable a global PCI DSS compliant MFA for Login Portal users

Configure Payment Card Industry Data Security Standard (PCI-DSS) MFA for Akamai IdP

When you enable PCI DSS-compliant multi-factor authentication (MFA), users who log in to the portal must present their standard login credentials and a time-based one-time password (TOTP) authentication token every time they log in. If the username, password, and time-based token are all correct, the user gets access to all of the applications associated with the identity provider (IdP). If any of the credentials is incorrect, the user does not get access to the application and an error message appears. Specific details of which step in the MFA process failed are not provided to the user.
Figure: MFA authentication failure error message on the Login Portal login page.
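The verification logic described above, written out as an added example. This is not Akamai's or EAA's code: it is a self-contained illustration of RFC 6238 TOTP verification combined with a password check, returning one generic failure message whatever factor was wrong. The user store, the salt, the password and the TOTP secret (the RFC 6238 reference secret, ASCII "12345678901234567890") are constructed for this example.

```python
import hashlib
import hmac
import struct
import time

# Constructed demo user store for this example only: one account with a salted
# PBKDF2 password hash and the RFC 6238 reference TOTP secret. Not EAA configuration.
TOTP_SECRET = b"12345678901234567890"
PASSWORD_SALT = b"demo-salt"
PBKDF2_ROUNDS = 100_000
USER_STORE = {
    "alice": {
        "password_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", PASSWORD_SALT, PBKDF2_ROUNDS),
        "totp_secret": TOTP_SECRET,
    }
}
# Dummy record used for unknown usernames so that the same work is done either way.
_DUMMY_RECORD = {"password_hash": bytes(32), "totp_secret": b"\x00" * 20}

GENERIC_FAILURE = "Authentication failed"


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238 TOTP: HOTP (RFC 4226, HMAC-SHA1) over the counter floor(unix_time / step)."""
    counter = int(unix_time) // step
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret, token, unix_time, window=1, step=30):
    """Accept the token for the current step or up to `window` adjacent steps (clock skew).

    Every candidate is compared in constant time and the loop never exits early.
    """
    if not (token.isdigit() and len(token) == 6):
        return False
    ok = False
    for delta in range(-window, window + 1):
        candidate = totp(secret, unix_time + delta * step, step=step)
        ok |= hmac.compare_digest(candidate, token)
    return ok


def verify_login(username, password, token, unix_time=None):
    """Check username, password and TOTP token together.

    Returns (True, "OK") only when all factors are correct; on any failure it returns
    the same generic message, so the caller cannot tell which factor was wrong.
    """
    if unix_time is None:
        unix_time = time.time()
    known_user = username in USER_STORE
    record = USER_STORE.get(username, _DUMMY_RECORD)
    # Evaluate both factors unconditionally so the result (and its timing) does not
    # reveal whether the username, the password or the token was the failing step.
    candidate_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), PASSWORD_SALT, PBKDF2_ROUNDS)
    pw_ok = hmac.compare_digest(candidate_hash, record["password_hash"])
    otp_ok = verify_totp(record["totp_secret"], token, unix_time)
    if known_user and pw_ok and otp_ok:
        return True, "OK"
    return False, GENERIC_FAILURE


if __name__ == "__main__":
    # Time 59 is the first RFC 6238 test vector; the 6-digit code for this secret is 287082.
    now = 59
    print(totp(TOTP_SECRET, now))
    print(verify_login("alice", "correct horse", totp(TOTP_SECRET, now), unix_time=now))
    print(verify_login("alice", "wrong password", totp(TOTP_SECRET, now), unix_time=now))
    print(verify_login("alice", "correct horse", "000000", unix_time=now))
```

The skew window of one step on either side is a common design choice for authenticator clock drift; a deployment that tolerates no drift sets `window=0`. The two failing calls at the end produce identical output, which is the behaviour the portal's error message is described as having.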

To enable PCI-DSS multi-factor authentication in an IdP:

How to

  1. Log in to the Enterprise Application Access (EAA) Management Portal.
  2. Click Identity > Identity Providers in the top menu bar.
  3. Click the Configure Identity Provider icon on the identity provider.
  4. Click the Multifactor tab.
  5. Select the IdP MFA Policy checkbox. Do not select any of the MFA factors.
  6. The IdP PCI DSS Compliant checkbox appears. Select it. The MFA factors section then shows only the TOTP checkbox.
  7. Select the TOTP checkbox.
    Note: If you selected any of the MFA factors such as email, SMS, or Duo in step 5 and then went to step 6, a window appears asking you to deselect those options.
  8. To save your changes, click Save & Exit or Save and go to Advanced Settings.

Next steps

For changes to go into effect, Deploy the identity provider.