Add a new identity provider

Before you begin

See Identity and identity providers.

With Enterprise Application Access (EAA) as your service provider (SP), you must identify identity providers (IdPs) within EAA and assign them to an application in order to use SAML and single sign-on (SSO) authentication for those applications.

When it comes to directories, if you use either EAA's Cloud Directory or an Active Directory (AD), you will likely use EAA as both your SP and IdP. This does not generate any SAML.

Which IdP provider type to use depends on the preference of your business. If no IdP has been used before, you will likely use a custom SAML identity provider type. You may add a new IdP and use it to authenticate multiple applications.

In EAA you can use a third-party SAML IdP or EAA as the SAML IdP to authenticate access to your applications. When an IdP such as EAA and an SP such as a SaaS application both implement SAML, they are able to seamlessly authenticate accredited users associated with the IdP to use the SP. See EAA as the SAML identity provider for more information.

EAA supports these IdP Provider Types:
  • Akamai
  • Google
  • Microsoft Azure AD
  • Okta
  • OneLogin
  • PingOne
  • Third party SAML

How to

  1. Log in to the Enterprise Application Access (EAA) Management Portal.
  2. From the top menu bar, select Identity > Identity Providers.
    The Identity Providers page appears.
  3. Click Add Identity Provider.
  4. Enter a custom name and optional description for the identity provider.
  5. Select a provider type from the menu.
  6. Click Create Identity Provider and configure.
    The Identity Provider configuration page appears.
  7. In the Settings tab, General section, provide a URL for the Identity Server for Akamai IdP or Identity Intercept for third-party IdP. You can select Use Akamai domain or Use your domain. If you use your own domain, you should use a self-signed certificate or an uploaded custom certificate. See Add a certificate to EAA and Associate a certificate for using your own domain for your application. If you are adding a new, third-party IdP, click Show Installation Instructions for portal-type-specific instructions to configure Akamai (EAA) as the SP with that IdP.
    Note: 14 days before the certificates expire, the IdPs change to the "Deployment Not Ready" state. Renew the certificate before it expires and re-deploy the IdP. The IdP would work fine during the expiration warning period.
    Note: For the identity provider, in the general settings, choose the Akamai Cloud zone closest to the majority of the user base. It can be of the form Client-*, for example Client-US-East, or just US-East, since the identity provider can be used for client-access applications or client-less applications in any cloud zone. For tcp-type or tunnel-type client-access applications, use an Akamai Cloud zone of the form Client-*, such as Client-US-East or Client-US-West, closest to the application in the data center. For details, see add and configure tcp-type client-access application or add and configure tunnel-type client-access application in the EAA Client Admin Guide.
  8. To save the changes, click Save and go to Directories.
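
The certificate expiry note in step 7 can also be monitored from outside the portal. The following is an added example, not part of EAA or its documentation: it reads the certificate served on an IdP hostname and classifies it against the 14-day warning period. The state names, the 30-day renewal threshold, and the sample dates are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

WARNING_PERIOD = timedelta(days=14)  # from the note in step 7
RENEW_BY = timedelta(days=30)        # assumption: lead time to renew and re-deploy


def fetch_cert(hostname, port=443, cafile=None, timeout=5.0):
    """Return the validated certificate served by an IdP hostname.

    For a self-signed certificate, pass its PEM file as cafile so that
    validation can succeed; an unvalidated connection yields no fields.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


def classify(cert, now=None):
    """Return (state, whole days remaining) for a getpeercert() dict."""
    if "notAfter" not in cert:
        raise ValueError("certificate was not validated or has no notAfter")
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    remaining = expires - now
    if remaining <= timedelta(0):
        state = "EXPIRED"
    elif remaining <= WARNING_PERIOD:
        state = "IN_WARNING_PERIOD"   # IdP shows "Deployment Not Ready"
    elif remaining <= RENEW_BY:
        state = "RENEW_NOW"
    else:
        state = "OK"
    return state, remaining.days


if __name__ == "__main__":
    # Constructed sample data; replace with fetch_cert("<your IdP hostname>").
    now = datetime(2025, 6, 1, tzinfo=timezone.utc)
    samples = ["May 20 00:00:00 2025 GMT", "Jun 10 00:00:00 2025 GMT",
               "Jun 25 00:00:00 2025 GMT", "Dec  1 00:00:00 2025 GMT"]
    for not_after in samples:
        print(not_after, classify({"notAfter": not_after}, now))
```

Run it on a schedule against each IdP hostname and alert on any state other than OK, so that renewal and re-deployment happen before the warning period begins.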

Next steps