Add a new identity provider

Before you begin

See Identity and identity providers.

With Enterprise Application Access (EAA) as your service provider (SP), you must identify identity providers (IdP) within EAA and assign them to an application in order to use SAML and single sign-on (SSO) authentication for those applications.

When it comes to directories, if you use either EAA's Cloud Directory or an Active Directory (AD), you will likely use EAA as both your SP and IdP. This does not generate any SAML.

Which IdP provider type to use depends on the preference of your business. If you have not used an IdP before, you will likely use a custom SAML identity provider type. You can add a new IdP and use it to authenticate multiple applications.

In EAA you can use a third-party SAML IdP or EAA as the SAML IdP to authenticate access to your applications. When an IdP such as EAA and an SP such as a SaaS application both implement SAML, they are able to seamlessly authenticate accredited users associated with the IdP to use the SP. See EAA as the SAML identity provider for more information.

EAA supports these IdP Provider Types:
  • Akamai
  • Google
  • Microsoft Azure AD
  • Okta
  • OneLogin
  • PingOne
  • Third party SAML

How to

  1. Log in to the Enterprise Application Access (EAA) Management Portal.
  2. From the top menu bar, select Identity > Identity Providers.
    The Identity Providers page appears.
  3. Click Add Identity Provider.
  4. Enter a custom name and optional description for the identity provider.
  5. Select a provider type from the menu.
  6. Click Create Identity Provider and configure.
    The Identity Provider configuration page appears.
  7. Complete the general settings, authentication configuration, session settings, and misc fields. If you are adding a new, third-party IdP, click Show Installation Instructions for portal type specific instructions to configure Akamai (EAA) as the SP with that IdP.
    Note: For the identity provider, in the general settings, choose the Akamai Cloud zone closest to the majority of the user base. It can be of the form Client-*, for example Client-US-East, or just US-East, since the identity provider can be used for client-access applications or client-less applications in any cloud zone. For tcp-type or tunnel-type client-access applications, use an Akamai Cloud zone of the form Client-*, such as Client-US-East or Client-US-West, closest to the application in the data center. You can refer to the add and configure tcp-type client-access application or add and configure tunnel-type client-access application in the EAA Client Admin Guide.
  8. To save the changes click Save and go to Directories.

Next steps