Akamai Technologies
  • Product docs
  • API docs
  • Release notes
  • Community
Use other third party identity providers (IdP) for authentication and EAA as service provider (SP)>Integrate Active Directory Federation Service (AD FS)>Enable encrypted SAML responses between EAA and AD FS
Enterprise Application Access
  • Welcome to Enterprise Application Access
  • How EAA works
    • The service architecture
  • Quick start guide
    • Feature previews
    • Control Center
      • Access the EAA Management Portal from Control Center
    • Role-based access control for EAA administrators
      • Create a custom role on Control Center
      • Add a user to a role on Control Center
    • Connectors
      • Connector installation requirements
      • Connector-to-VM and cloud platform compatibility matrix
      • Create and download a connector in EAA
      • Install and approve a connector in a virtual environment
        • Install a connector in a VMware environment
          • Install the VMware connector
          • Deploy a VMware vSphere Client using ESX or ESXi versions earlier than 6.5
          • Deploy a VMware vSphere Client using ESX or ESXi version 6.5 or later
            • Troubleshoot the VMware ESXi error: Failed to deploy VM: postNFCData failed
            • Troubleshoot the VMware ESXi error: VMware ESXi Embedded Host Client compressed disk image error
      • Configure networks with the connector VM console menu
        • Assign a static IP address to a connector from the connector console
        • Configure a DHCP address for a connector
        • Configure a DNS server for a connector
        • Check connector connectivity in the connector console
        • Accelerate connector connectivity time with the cloud
        • Configure a forward proxy server for a connector
        • Enable or disable remote debugging from a connector console
      • Install a connector in an OpenStack environment
      • Install a connector in a Microsoft Hyper-V environment
      • Install a connector in a Microsoft Azure environment
        • Verify that the connector was successfully created in Microsoft Azure
      • Install a connector in Amazon Web Services
        • Troubleshoot an Amazon Web Services connector
      • Install a Docker-based connector
      • Install a connector in a Google Cloud Platform environment
      • Common reasons for connector check-in failure
      • Associate a connector with an application
      • Add several connectors to an application for high availability
      • Rename a connector
      • Security update for connectors
        • Connector health monitoring
        • Directories
          • Directory server certificate validation rules and use cases
          • Add or edit a directory
          • Add users to the cloud directory
          • Activate a user's account from a cloud directory
          • Add or remove users from the Cloud Directory admins group
          • Overlay groups
            • Create an overlay group
            • Add users to an overlay group
          • Search EAA for a directory user, group, or organizational unit
          • Sync users, groups, or organizational units in the EAA directory
          • Sync universal groups and users in a multi-domain Active Directory
          • SCIM provisioning with Azure Active Directory
            • Password complexity for end users in the Login Portal
              • Password character restrictions
              • Manage password complexity for the Login Portal from the Active Directory (AD)
          • Identity and identity providers
            • Add a new identity provider
            • Add a directory to an identity provider
            • Assign identity providers to an application
            • Deploy the identity provider
            • Identity provider health and deployment status
              • Troubleshoot IdP configuration errors from the IdP deployment status page
              • Troubleshoot IdP configuration errors from the application deployment status page
            • Change the identity provider session settings for an end user
            • Change the expiry timeout for end-user sessions
          • SAML
            • SAML flows
            • EAA as the SAML identity provider
              • Configure EAA as the IdP for a custom SaaS application
                • Set up Atlassian applications as the SP and EAA as the IdP
                • Set up Cisco WebEx Spark as the SP and EAA as the IdP
                • Set up GitHub Enterprise as the SP and EAA as the IdP
                • Set up Google G Suite as the SP and EAA as the IdP
                • Set up Meraki as the SP and EAA as the IdP
                • Set up O365 as the SP and EAA as the IdP
                • Set up Salesforce as the SP and EAA as the IdP
                • Set up ServiceNow as the SP and EAA as the IdP
                • Set up ShareFile as the SP and EAA as the IdP
                • Set up Slack as the SP and EAA as the IdP
                • Set up Tableau as the SP and EAA as the IdP
                • Set up Zendesk as the SP and EAA as the IdP
              • SAML IdP with Microsoft enhanced client or proxy
                • Configure Microsoft enhanced client or proxy in a SaaS application
              • Configure SAML for an Access application
          • OpenID Connect
            • OpenID Connect concepts and terms
            • Supported OpenID Connect specifications
            • OpenID Connect parameters for an application
              • Configure OpenID Connect for a SaaS application
              • Configure OpenID Connect for an Access Application
          • Web Services Federation
            • Configure EAA as the STS provider to access a SaaS application
            • Configure WS-Federation for an access application
          • Block and unblock users from accessing applications
            • Block users from accessing applications associated with an identity provider
            • Unblock users from accessing application associated with an identity provider
            • Block user from a directory associated with a third party identity provider.
              • Unblock users in the third party IdP
            • Use other third party identity providers (IdP) for authentication and EAA as service provider (SP)
              • Integrate with Azure Active Directory
                • Integrate Active Directory Federation Service (AD FS)
                  • Send simple LDAP attributes from AD FS to EAA
                    • Add AD FS as an identity provider in EAA
                    • Setup relying party trust in AD FS
                    • Use claims to send LDAP attributes from AD FS to EAA
                    • Upload AD FS metadata to EAA IdP
                    • Verify application user's email is sent from AD FS to EAA
                  • Send complex attributes like group membership from AD FS to EAA
                    • Add AD FS as an identity provider in EAA
                    • Setup relying party trust in AD FS
                    • Use custom claim description for sending group membership from AD FS to EAA
                    • Upload AD FS metadata to EAA IdP
                    • Verify AD FS group membership is sent from AD FS to EAA
                  • Enable signed SAML requests between EAA and AD FS
                    • Configure EAA for signed SAML requests
                    • Configure AD FS for signed SAML requests
                  • Enable encrypted SAML responses between EAA and AD FS
                    • Configure EAA to send encrypted SAML responses
                    • Configure AD FS for sending encrypted SAML responses
                • Integrate Okta
                  • Authenticate user access to applications with OneLogin
                • User attributes
                  • Create user attributes in EAA
                  • Map user attributes of the directory
                  • Perform a manual directory sync in EAA
                  • Map custom LDAP user and group attributes to the EAA directory
                • Single sign-on (SSO) authentication
                  • Use single sign-on (SS0) authentication for Atlassian Confluence
                  • Use single sign-on (SSO) authentication for Atlassian JIRA
                  • Configure single sign-on (SSO) for Jenkins using HTTP headers
                • Desktop single sign-on authentication
                  • Add IWA workflow to an Akamai IdP
                    • User agent strings
                    • Description of use IWA parameter used in Integrated Windows Authentication settings
                  • Configure automatic logon with Kerberos on end-user's machine for Akamai IdP
                  • Configure EAA and Active Directory controller to use desktop SSO for IdP
                  • Troubleshooting IWA
                    • Troubleshooting issues in IWA
                    • Troubleshooting HTTP response error codes
                • Multi-factor authentication
                  • Enable a global multifactor authentication policy for Login Portal users
                  • Enable or disable multi-factor authentication for each application
                  • Enable or disable multi-factor authentication for each directory or certain groups
                  • Bypass MFA
                    • Configure bypass MFA criteria for an Akamai identity provider
                  • Enable or disable multi-factor authentication for each application
                  • Authenticate with recovery code instead of using MFA for an application
                    • Install a time-based one-time password applications on a mobile device
                    • Enable two-factor authentication for admin users
                    • Reset the onetime password for a user
                    • Customize the organization name in email and SMS MFA token notifications
                    • Akamai MFA two-factor authentication
                      • Duo Security two-factor authentication
                        • Retrieve information from Duo Security
                        • Configure Duo Security in EAA
                      • Confirm users can receive multi-factor authentication notifications
                      • Payment Card Industry Data Security Standard (PCI DSS) compliant mode for MFA
                        • When to use different types of MFA
                        • Enable a global PCI DSS compliant MFA for Login Portal users
                    • Certificates in EAA
                      • Add a certificate to EAA
                      • Upload a ROOT CA certificate for origin server validation
                      • Associate a certificate for using your own domain for your application
                      • Remove a self-signed certificate
                      • Check the expiration date of an SSL certificate
                      • Certificate rotation
                        • Certificate-based authentication in the IdP
                          • Online certificate status protocol (OCSP)
                          • Certificate-based device authentication or user validation in the application
                          • Certificate-based validation of origin servers
                          • Applications
                            • Add an application to EAA
                            • Configure access parameters for an application
                            • Deploy the application
                            • Application configuration versioning and rollback
                              • Assign a directory to an application
                              • Access an application in the EAA Management Portal
                              • Log in and access applications in the Login Portal
                              • Use EAA application portal with third party IdP and allow users to access applications
                              • Offload web application traffic from EAA cloud
                                • Add public IP gateways to an IdP
                                • Enable on premise end users to web access applications bypassing the EAA Cloud
                              • Application groups for rewrite rules
                                • Create application groups for rewrite rules
                              • Single Host Access for access applications
                                • Configure single host access and application groups for accessing HTTP Access applications
                              • Set up a CNAME redirect for an application
                            • Remote desktop protocol applications
                              • Configure and deploy a remote desktop (RDP) application
                              • Maximum resolution for an RDP session in EAA
                              • Configure the initial setup for an RDP application
                              • Enable single sign-on auto-login for RDP applications
                              • Connect a Microsoft Windows server to an RDP application
                              • Access the remote desktop application
                              • Configure RDP client display settings
                              • Upload files to the RDP portal
                              • Download files from the RDP Portal
                            • SSH applications
                              • Configure and deploy a SSH application
                              • Enable SSH auditing
                            • Set up services for an application
                              • Disable data compression
                              • Access control rules
                                • Create and edit access control rules
                                • Disable or delete access control rules
                                • Use control traffic shortcut in application card to configure access control rules
                              • URL rewrite rules
                                • Configure URL rewrite rules
                                • Content type rewrite reference table
                              • Internet Content Adaptation Protocol
                                • Configure lCAP for an application
                              • URL path-based policies
                                • Configure URL path-based policies for an application
                                • Point users to a specific URL to log out
                            • Set up advanced settings for an application
                              • Hide an application in the Login Portal from end-users
                              • Enable WebSockets for an EAA application
                              • Forward Kerberos ticket-granting ticket to application
                              • Configure SAML single log out
                              • User-facing authentication mechanism for applications
                                • Configure the user-facing authentication mechanism
                              • Multiple failed login attempts
                                • Set a temporary lockout for multiple failed login attempts
                              • Server load balancing for applications and connectors
                                • Configure server load balancing for applications and connectors
                                • Enable load balancing for several application servers
                              • Custom HTTP headers
                                • Configure custom HTTP headers
                              • Configure HSTS for an application
                              • Kerberos-constrained delegation
                                • Add a keytab for Kerberos-constrained delegation
                                • Interact with a keytab card
                              • Change an EAA application server read timeout setting
                              • Configure TLS Cipher Suite for applications
                            • Login Portal customization
                              • Application categories
                                • Create an application category
                                • Assign a category to an application
                                • Edit or remove an application category assignment
                              • Add logos and images to the Login Portal login page
                              • Configure, enable, or reset a color theme for the Login Portal
                                • Preview a Login Portal color theme
                              • Customize the password reset URL and new user sign up URL for the Login Portal
                              • Login Portal languages
                                • Configure the Login Portal language and other user interface characteristics
                              • Customize the labels for the password reset and new user sign up links for the Login Portal
                              • Customize the message to be sent to the administrator for obtaining recovery code in the Login Portal
                              • Customize the Login Portal tab name in the browser
                              • Enable iFrame embedding for the Login Portal login page
                              • Create favorite applications in the EAA Login portal
                                • Add the favorite icon to all applications associated with an identity provider
                                • Add favorite icon to all applications associated with third-party identity provider
                                • Move applications to favorites section in Login portal
                                • Remove applications from favorites section in Login portal
                            • View EAA dashboard
                              • Check EAA health, application and user statistics, login failures, geographical locations of users, active sessions created by unique users and obtain reports
                            • Reports
                              • Create a preset report
                              • Create an application report
                              • Create an Admin Event report
                              • Create an SSH audit report
                              • Save a report
                              • Download a saved report
                            • User Diagnostics portal
                              • Using the User Diagnostics portal
                              • Use cases solved with User diagnostics portal
                            • Troubleshooting overview and tips
                              • Application response codes, login events, and errors
                                • Troubleshoot error code: 549 Authentication Gateway Error
                              • Set up an EAA admin help desk email address
                              • Service/debug mode
                                • Enable service/debug mode
                              • Troubleshoot connectors
                                • Enable or disable remote debugging for a connector
                                • Troubleshoot an unreachable connector
                                • Test connector connectivity to applications with troubleshooting tools
                                  • Run a connector troubleshooting utility
                                • Self-upgrade of EAA connectors
                                • Gather a Fiddler trace
                              • Troubleshoot directories
                                • Test connectivity between the directory and connector
                                • Review directory diagnostics and domain information
                                • Check the user’s login credentials for the Login Portal
                                • Troubleshoot unable to add a new user to the Cloud Directory
                              • Troubleshoot applications
                                • Troubleshoot application deployment
                                • Troubleshoot application connectivity
                                • Troubleshoot application access denied
                                • Troubleshoot application links not working
                                • Troubleshoot receiving a password prompt for every application link
                                • Delete an EAA IdP or group from an application
                                • Troubleshoot access to a Kerberized application
                                • Troubleshoot page not working issues
                              • Troubleshoot certificates
                                • Troubleshoot certificate issues with Mozilla Firefox
                                • Troubleshoot access to applications secured with EAA through Chrome that are accessed with Safari and Firefox
                            • Install EAA-SDK
                            • Extract EAA-SDK documentation from download URL
                            • Generate an API key
                            • Delete the EAA-SDK API credentials
                            • Integrate EAA with any SIEM using ULS
                            • Integrate EAA with Kona Site Defender and Akamai Ion
                            • Notice

                            Enable encrypted SAML responses between EAA and AD FS

                            To enable communication with encrypted SAML responses, configure both EAA and AD FS. This is an optional configuration.
                            • Configure EAA to send encrypted SAML responses
                            • Configure AD FS for sending encrypted SAML responses
                            Learn more
                            • Configure EAA to send encrypted SAML responses
                            • Configure AD FS for sending encrypted SAML responses

                            Search Results

                            Close
                            • Akamai.com
                            • Contact us
                            • Legal & privacy
                            • Portal terms of use
                            • Copyright © Akamai Technologies, Inc. All rights reserved