Add a new identity provider
Before you begin
Which IdP type you use depends on the preference of your business. If no IdP has been used before, you will likely use a custom SAML identity provider type. You can add a new IdP and use it to authenticate multiple applications.
In EAA you can use a third-party SAML IdP or EAA as the SAML IdP to authenticate access to your applications. When an IdP such as EAA and an SP such as a SaaS application both implement SAML, they can seamlessly authenticate accredited users associated with the IdP to use the SP. See EAA as the SAML identity provider for more information.
- Microsoft Azure AD
- Third party SAML
- Log in to the Enterprise Application Access (EAA) Management Portal.
From the top menu bar, select
. The Identity Providers page appears.
- Click Add Identity Provider.
- Enter a custom name and optional description for the identity provider.
- Select a provider type from the menu.
Click Create Identity Provider and
The Identity Provider configuration page appears.
In the Settings tab, General section, provide a URL for the Identity Server for Akamai IdP or Identity Intercept for third-party IdP. You can select Use Akamai domain or Use your domain. If you use your own domain, you should use a self-signed certificate or use an uploaded custom certificate. See Add a certificate to EAA, Associate a certificate for using your own domain for your application. If you are adding a new, third-party IdP, click Show Installation Instructions for portal type specific instructions to configure Akamai (EAA) as the SP with that IdP.
Note: 14 days before the certificates expire, the IdPs are changed to the "Deployment Not Ready" state. You should renew the certificate before expiry and re-deploy the IdP, although the IdP continues to work during the expiration warning period.
Note: For the identity provider, in the general settings, choose the Akamai Cloud zone closest to the majority of the user base. It can be of the form Client-*, for example Client-US-East, or just US-East, since the identity provider can be used for client-access applications or client-less applications in any cloud zone. For tcp-type or tunnel-type client-access applications, use an Akamai Cloud zone of the form Client-*, such as Client-US-East or Client-US-West, closest to the application in the data center. You can refer to add and configure tcp-type client-access application or add and configure tunnel-type client-access application in the EAA Client Admin Guide.
- To save the changes click Save and go to Directories.
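The 14-day certificate warning in the note above can be tracked from outside the portal. The following is an added example, not Akamai code: it reads the notAfter date of the certificate served on an IdP URL and classifies it against the 14-day window. The hostnames, the 30-day lead time and the state labels are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

WARNING_WINDOW = timedelta(days=14)  # from the note: IdP shows "Deployment Not Ready"
RENEWAL_LEAD = timedelta(days=30)    # assumption: extra lead time for renew + re-deploy

def parse_not_after(value):
    """Parse the notAfter string format returned by ssl getpeercert()."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)

def classify(not_after, now):
    """Map time remaining on a certificate to an action state (labels are ours)."""
    remaining = not_after - now
    if remaining <= timedelta(0):
        return "EXPIRED"
    if remaining <= WARNING_WINDOW:
        return "WARNING_WINDOW"      # inside the 14-day period described above
    if remaining <= WARNING_WINDOW + RENEWAL_LEAD:
        return "RENEW_NOW"           # renew before the warning period starts
    return "OK"

def fetch_not_after(host, port=443, cafile=None, timeout=5.0):
    """Read notAfter from the certificate served on an IdP hostname.
    For a self-signed certificate, pass a PEM file to trust as cafile."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return parse_not_after(tls.getpeercert()["notAfter"])

def audit(inventory, now):
    """inventory maps IdP hostname -> notAfter datetime; most urgent first."""
    rows = [(host, classify(exp, now), (exp - now) // timedelta(days=1))
            for host, exp in inventory.items()]
    return sorted(rows, key=lambda row: row[2])

# Constructed sample data: hypothetical IdP hostnames and expiry dates.
SAMPLE_NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
SAMPLE = {
    "idp-a.example.com": parse_not_after("Dec  1 00:00:00 2025 GMT"),
    "idp-b.example.com": parse_not_after("Jun 10 00:00:00 2025 GMT"),
    "idp-c.example.com": parse_not_after("Jul 10 00:00:00 2025 GMT"),
    "idp-d.example.com": parse_not_after("May 20 00:00:00 2025 GMT"),
}

if __name__ == "__main__":
    for host, state, days in audit(SAMPLE, SAMPLE_NOW):
        print(f"{host:22} {state:15} {days:4d} days")
```

To check live endpoints, build the inventory with `fetch_not_after()` for each IdP hostname and pass the current UTC time as `now`.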