Use EAA application portal with third party IdP and allow users to access applications

Use the EAA application portal as the user portal for third party IdPs that do not provide one of their own.

When you use a third party IdP such as Shibboleth or AD FS that does not have a user portal, you can use the EAA application portal to organize your applications. The application cards shown on the portal are filtered by the groups the user belongs to and the applications assigned to those groups. After users authenticate with the third party IdP, they are directed to the EAA application portal or redirected to another URL of your choice. You can also enable authorization for the third party IdP so that EAA enforces authorization policy for an application based on user groups. EAA takes the user identity from the SAML assertion sent by the third party IdP (the NameID attribute among the SAML attributes) and maps it to the user in the AD directory held in the Akamai database. This lets EAA perform user authorization on behalf of the third party IdP, without your having to set access control rules (ACLs) in IdPs such as Azure or AD FS.

How to

  1. Log in to the Enterprise Application Access (EAA) Management Portal.
  2. From the top menu bar, click Identity > Identity Providers.
  3. Navigate to the third party identity provider card and click the Settings (gear) icon on that card.
  4. Click General tab.
  5. Go to the Authentication configuration section and check the URL field. If it is left blank, the EAA application portal is used after authentication. Enter a different URL here to redirect users to that URL instead of the application portal.
  6. Click Directories tab, and assign the directory to the IdP. See Add a directory to an identity provider.
  7. Click the Advanced Settings tab and, in the Authentication configuration section, click Enable Authorization to allow EAA to perform the user authorization.
  8. Click Save and go to Deployment, to deploy the IdP.
    When the user logs in to the third party IdP, after authentication, they are redirected to the Akamai application portal. Based on their particular group access permissions, the respective application cards are displayed.
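The authorization step above (NameID from the IdP's assertion, mapped to a directory user whose groups decide which application cards appear) as an added example; this is illustrative code, not EAA's own implementation. The assertion, directory and application-to-group assignments are constructed sample data, and the assertion is assumed to have already passed signature validation before this logic runs.

```python
"""Filter application cards by the groups of the user named in a SAML
assertion's NameID. Constructed sample data; names are assumptions."""
import xml.etree.ElementTree as ET
from typing import List, Optional

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed assertion as a third party IdP (e.g. AD FS) might send it.
# Assumed already signature-verified; never trust NameID before that check.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
</saml:Assertion>"""

# Constructed stand-in for the AD directory assigned to the IdP: user -> groups.
DIRECTORY = {
    "alice@example.com": {"finance", "staff"},
    "bob@example.com": {"staff"},
}

# Constructed application-to-group assignments: which groups may see each card.
APP_GROUPS = {
    "payroll": {"finance"},
    "wiki": {"staff"},
    "hr-admin": {"hr"},
}


def extract_name_id(assertion_xml: str) -> Optional[str]:
    """Return the NameID from the assertion's Subject, or None if absent."""
    root = ET.fromstring(assertion_xml)
    node = root.find("saml:Subject/saml:NameID", NS)
    if node is None or not (node.text or "").strip():
        return None
    return node.text.strip()


def authorized_apps(assertion_xml: str) -> List[str]:
    """Application cards the portal should display for this assertion.

    A NameID that is missing or not present in the directory yields no
    cards: the directory mapping is what lets the portal enforce
    group-based authorization on the IdP's behalf.
    """
    name_id = extract_name_id(assertion_xml)
    if name_id is None:
        return []
    groups = DIRECTORY.get(name_id, set())
    return sorted(app for app, allowed in APP_GROUPS.items() if groups & allowed)
```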