Akamai Technologies
  • Product docs
  • API docs
  • Release notes
  • Community
Configure EAA as service provider (SP) and use other third party identity providers (IdP) for authentication>Integrate Active Directory Federation Service (AD FS)>Enable encrypted SAML responses between EAA and AD FS
Enterprise Application Access
  • Welcome to Enterprise Application Access
  • How EAA works
    • The service architecture
  • Quick start guide
    • Step 1: Create, download and install a connector
    • Step 2: Set up an authentication source
    • Step 3: Create and configure an application
    • Step 4: Configure an authentication source
    • Step 5: See your configuration take off! Deploy your application
    • Step 6: Give it a try
  • Control Center
    • Access the EAA Management Portal from Control Center
  • Role-based access control for EAA administrators
    • Create a custom role on Control Center
    • Add a user to a role on Control Center
  • Feature previews
  • Connectors
    • Connector installation requirements
      • Connector-to-VM and cloud platform compatibility matrix
      • Service IPs to whitelist to ensure connectivity to EAA connectors
    • Create and download a connector in EAA
    • Add several connectors to an application for high availability
    • Rename a connector
    • Check connector OS version
    • Install and approve a connector in a virtual environment
      • Install a connector in a VMware environment
        • Install the VMware connector
        • Deploy a VMware vSphere Client using ESX or ESXi versions earlier than 6.5
        • Deploy a VMware vSphere Client using ESX or ESXi version 6.5 or later
          • Troubleshoot the VMware ESXi error: Failed to deploy VM: postNFCData failed
          • Troubleshoot the VMware ESXi error: VMware ESXi Embedded Host Client compressed disk image error
      • Install a connector in a Microsoft Azure environment
        • Verify that the connector was successfully created in Microsoft Azure
      • Install a connector in a Microsoft Hyper-V environment
      • Install a connector in an OpenStack environment
    • Install a connector in Amazon Web Services
      • Troubleshoot an Amazon Web Services connector
    • Install a Docker-based connector
    • Install a connector in a Google Cloud Platform environment
    • Configure networks with the connector VM console menu
      • Assign a static IP address to a connector from the connector console
      • Configure a DHCP address for a connector
      • Configure a DNS server for a connector
      • Check connector connectivity in the connector console
      • Accelerate connector connectivity time with the cloud
      • Configure a forward proxy server for a connector
      • Enable or disable remote debugging from a connector console
    • Associate a connector with an application
    • Common reasons for connector check-in failure
    • Security update for connectors
      • Update connectors for security vulnerability
  • Directories
    • Directory server certificate validation rules and use cases
    • Add or edit a directory
    • Add users to the cloud directory
    • Activate a user's account from a cloud directory
    • Add or remove users from the Cloud Directory admins group
    • Overlay groups
      • Create an overlay group
      • Add users to an overlay group
    • Search EAA for a directory user, group, or organizational unit
    • Sync users, groups, or organizational units in the EAA directory
    • Sync universal groups and users in a multi-domain Active Directory
    • Password complexity for end users in the Login Portal
      • Password character restrictions
      • Manage password complexity for the Login Portal from the Active Directory (AD)
  • Identity and identity providers
    • Add a new identity provider
    • Add a directory to an identity provider
    • Assign identity providers to an application
    • Deploy the identity provider
    • Identity provider health and deployment status
      • Troubleshoot IdP configuration errors from the IdP deployment status page
      • Troubleshoot IdP configuration errors from the application deployment status page
    • Change the identity provider session settings for an end user
    • Change the expiry timeout for end-user sessions
    • OpenID Connect
      • OpenID Connect concepts and terms
      • Supported OpenID Connect specifications
    • OpenID Connect parameters for an application
      • Configure OpenID Connect for a SaaS application
      • Configure OpenID Connect for an Access Application
    • SAML
      • SAML flows
    • EAA as the SAML identity provider
      • Configure EAA as the IdP for a custom SaaS application
        • Set up Atlassian applications as the SP and EAA as the IdP
        • Set up Cisco WebEx Spark as the SP and EAA as the IdP
        • Set up GitHub Enterprise as the SP and EAA as the IdP
        • Set up Google G Suite as the SP and EAA as the IdP
        • Set up Meraki as the SP and EAA as the IdP
        • Set up O365 as the SP and EAA as the IdP
        • Set up Salesforce as the SP and EAA as the IdP
        • Set up ServiceNow as the SP and EAA as the IdP
        • Set up ShareFile as the SP and EAA as the IdP
        • Set up Slack as the SP and EAA as the IdP
        • Set up Tableau as the SP and EAA as the IdP
        • Set up Zendesk as the SP and EAA as the IdP
      • Web Services Federation
        • Configure EAA as the STS provider to access a SaaS application
        • Configure WS-Federation for an access application
      • SAML IdP with Microsoft enhanced client or proxy
        • Configure Microsoft enhanced client or proxy in a SaaS application
      • Configure SAML for an Access application
  • Block and unblock users from accessing applications
    • Block users from accessing applications associated with an identity provider
    • Unblock users from accessing application associated with an identity provider
    • Block user from a directory associated with a third party identity provider.
      • Unblock users in the third party IdP
    • Configure EAA as service provider (SP) and use other third party identity providers (IdP) for authentication
      • Integrate with Azure Active Directory
        • Integrate Active Directory Federation Service (AD FS)
          • Send simple LDAP attributes from AD FS to EAA
            • Add AD FS as an identity provider in EAA
            • Setup relying party trust in AD FS
            • Use claims to send LDAP attributes from AD FS to EAA
            • Upload AD FS metadata to EAA IdP
            • Verify application user's email is sent from AD FS to EAA
          • Send complex attributes like group membership from AD FS to EAA
            • Add AD FS as an identity provider in EAA
            • Setup relying party trust in AD FS
            • Use custom claim description for sending group membership from AD FS to EAA
            • Upload AD FS metadata to EAA IdP
            • Verify AD FS group membership is sent from AD FS to EAA
          • Enable signed SAML requests between EAA and AD FS
            • Configure EAA for signed SAML requests
            • Configure AD FS for signed SAML requests
          • Enable encrypted SAML responses between EAA and AD FS
            • Configure EAA to send encrypted SAML responses
            • Configure AD FS for sending encrypted SAML responses
        • Integrate Okta
          • Authenticate user access to applications with OneLogin
        • User attributes
          • Create user attributes in EAA
          • Map user attributes of the directory
          • Perform a manual directory sync in EAA
          • Map custom LDAP user and group attributes to the EAA directory
        • Single sign-on (SSO) authentication
          • Use single sign-on (SS0) authentication for Atlassian Confluence
          • Use single sign-on (SSO) authentication for Atlassian JIRA
          • Configure single sign-on (SSO) for Jenkins using HTTP headers
        • Desktop single sign-on authentication
          • Add IWA workflow to an Akamai IdP
            • User agent strings
            • Description of use IWA parameter used in Integrated Windows Authentication settings
          • Configure automatic logon with Kerberos on end-user's machine for Akamai IdP
          • Configure EAA and Active Directory controller to use desktop SSO for IdP
          • Troubleshooting IWA
            • Troubleshooting issues in IWA
            • Troubleshooting HTTP response error codes
        • Multi-factor authentication
          • Enable a global multifactor authentication policy for Login Portal users
          • Enable or disable multi-factor authentication for each application
          • Enable or disable multi-factor authentication for each directory
          • Authenticate with recovery code instead of using MFA for an application
            • Install a time-based one-time password applications on a mobile device
            • Enable two-factor authentication for admin users
            • Reset the onetime password for a user
            • Customize the organization name in email and SMS MFA token notifications
            • Duo Security two-factor authentication
              • Retrieve information from Duo Security
              • Configure Duo Security in EAA
            • Confirm users can receive multi-factor authentication notifications
            • Payment Card Industry Data Security Standard (PCI DSS) compliant mode for MFA
              • When to use different types of MFA
              • Enable a global PCI DSS compliant MFA for Login Portal users
          • Certificates in EAA
            • Add a certificate to EAA
            • Upload a ROOT CA certificate for origin server validation
            • Associate a certificate for using your own domain for your application
            • Remove a self-signed certificate
            • Check the expiration date of an SSL certificate
            • Certificate-based authentication in the IdP
              • Enable certificate-based authentication for the IdP
            • Online certificate status protocol (OCSP)
              • Create an online certificate status protocol (OCSP)
            • Certificate-based user authentication with optional MFA at IdP
              • Enable certificate-based user validation in Akamai IdP
            • User agents in a web browser
            • Certificate-based device authentication or user validation in the application
          • Certificate-based validation of origin servers
          • Applications
            • Add an application to EAA
            • Configure access parameters for an application
            • Deploy the application
            • Assign a directory to an application
            • Access an application in the EAA Management Portal
            • Log in and access applications in the Login Portal
            • Use EAA application portal with third party IdP and allow users to access applications
            • Offload web application traffic from EAA cloud
              • Add public IP gateways to an IdP
              • Enable on premise end users to web access applications bypassing the EAA Cloud
          • Create favorite applications in the EAA Login portal
            • Add the favorite icon to all applications associated with an identity provider
            • Add favorite icon to all applications associated with third-party identity provider
            • Move applications to favorites section in Login portal
            • Remove applications from favorites section in Login portal
          • Application groups for rewrite rules
            • Create application groups for rewrite rules
          • Remote desktop protocol applications
            • Configure and deploy a remote desktop (RDP) application
            • Maximum resolution for an RDP session in EAA
            • Configure the initial setup for an RDP application
            • Enable single sign-on auto-login for RDP applications
            • Connect a Microsoft Windows server to an RDP application
            • Access the remote desktop application
            • Configure RDP client display settings
            • Upload files to the RDP portal
            • Download files from the RDP Portal
          • SSH applications
            • Configure and deploy a SSH application
            • Enable SSH auditing
          • Set up services for an application
            • Disable data compression
            • Access control rules
              • Create and edit access control rules
              • Disable or delete access control rules
              • Use control traffic shortcut in application card to configure access control rules
            • URL rewrite rules
              • Configure URL rewrite rules
              • Content type rewrite reference table
            • Internet Content Adaptation Protocol
              • Configure lCAP for an application
            • URL path-based policies
              • Configure URL path-based policies for an application
              • Point users to a specific URL to log out
          • Set up advanced settings for an application
            • Hide an application in the Login Portal from end-users
            • Enable WebSockets for an EAA application
            • Forward Kerberos ticket-granting ticket to application
            • Configure SAML single log out
            • User-facing authentication mechanism for applications
              • Configure the user-facing authentication mechanism
            • Multiple failed login attempts
              • Set a temporary lockout for multiple failed login attempts
            • Server load balancing for applications and connectors
              • Configure server load balancing for applications and connectors
              • Enable load balancing for several application servers
            • Custom HTTP headers
              • Configure custom HTTP headers
            • Configure HSTS for an application
            • Kerberos-constrained delegation
              • Add a keytab for Kerberos-constrained delegation
              • Interact with a keytab card
          • Set up a CNAME redirect for an application
          • Login Portal customization
            • Application categories
              • Create an application category
              • Assign a category to an application
              • Edit or remove an application category assignment
            • Add logos and images to the Login Portal login page
            • Configure, enable, or reset a color theme for the Login Portal
              • Preview a Login Portal color theme
            • Customize the password reset URL and new user sign up URL for the Login Portal
            • Login Portal languages
              • Configure the Login Portal language and other user interface characteristics
            • Customize the labels for the password reset and new user sign up links for the Login Portal
            • Customize the message to be sent to the administrator for obtaining recovery code in the Login Portal
            • Customize the Login Portal tab name in the browser
            • Enable iFrame embedding for the Login Portal login page
          • View EAA dashboard
            • Check EAA health, application and user statistics, login failures, geographical locations of users, active sessions created by unique users and obtain reports
          • Reports
            • Create a preset report
            • Create an application report
            • Create an Admin Event report
            • Create an SSH audit report
            • Save a report
            • Download a saved report
          • Troubleshooting overview and tips
            • Application response codes, login events, and errors
              • Troubleshoot error code: 549 Authentication Gateway Error
            • Change an EAA application server read timeout setting
            • Set up an EAA admin help desk email address
            • Service/debug mode
              • Enable service/debug mode
            • Troubleshoot connectors
              • Enable or disable remote debugging for a connector
              • Troubleshoot an unreachable connector
              • Test connector connectivity to applications with troubleshooting tools
                • Run a connector troubleshooting utility
              • EAA connector upgrade schedule
              • Gather a Fiddler trace
            • Troubleshoot directories
              • Test connectivity between the directory and connector
              • Review directory diagnostics and domain information
              • Check the user’s login credentials for the Login Portal
              • Troubleshoot unable to add a new user to the Cloud Directory
            • Troubleshoot applications
              • Troubleshoot application deployment
              • Troubleshoot application connectivity
              • Troubleshoot application access denied
              • Troubleshoot application links not working
              • Troubleshoot receiving a password prompt for every application link
              • Delete an EAA IdP or group from an application
              • Troubleshoot access to a Kerberized application
              • Troubleshoot page not working issues
            • Troubleshoot certificates
              • Troubleshoot certificate issues with Mozilla Firefox
              • Troubleshoot access to applications secured with EAA through Chrome that are accessed with Safari and Firefox
          • Install EAA-SDK
          • Extract EAA-SDK documentation from download URL
          • Generate an API key
          • Integrate Splunk
          • Delete the EAA-SDK API credentials
          • Integrate EAA with Kona Site Defender and Akamai Ion
          • Notice

          Enable encrypted SAML responses between EAA and AD FS

          To enable communication with encrypted SAML responses, configure both EAA and AD FS. This is an optional configuration.
          • Configure EAA to send encrypted SAML responses
          • Configure AD FS for sending encrypted SAML responses
          Learn more
          • Configure EAA to send encrypted SAML responses
          • Configure AD FS for sending encrypted SAML responses

          Search Results

          Close
          • Akamai.com
          • Contact us
          • Legal & privacy
          • Portal terms of use
          • Copyright © Akamai Technologies, Inc. All rights reserved