Okta passwordless login

If you’re using Okta as your identity management system, you can integrate it with Akamai MFA to set up a passwordless login.

With this configuration, users, instead of verifying their identity by entering corporate passwords or other memorized secrets, use a highly secure authentication factor, such as biometrics or a security key.

Passwordless authentication provides end-users with fast, simple, and secure access to their enterprise resources.

Add Okta integration

Follow this procedure to generate the security components to supply your Okta tenant and enable the communication between Akamai MFA and Okta.
Note: If you have already generated your SAML metadata for the Okta IdP Factor only configuration, omit this step. In the following step, use the integration metadata to configure your passwordless IdP and change the IdP configuration from Factor only to SSO only.
  1. In the navigation menu, select MFA > Integrations.
  2. Click Add integration.
  3. Select Okta and enter a unique integration name.
  4. Click Save and Deploy.

You’ve just generated your Issuer URI, SSO URL, and Certificate. This data will be available for you in Akamai MFA. It can be easily copied and used to configure the passwordless authentication in the Okta Admin portal.

Configure your identity provider for a single sign-on

In this step, you configure your Okta identity provider (IdP) and set up a SAML-based single sign-on (SSO) for your applications.

  1. Log in to your Okta account at https://<your tenant name>.okta.com. Click Admin to get into your administrator console.
  2. Go to Security > Identity Providers.
  3. Click Add Identity Provider and select Add SAML 2.0 IdP.

    The Add Identity Provider page opens.

  4. In General settings, enter the IdP name.
  5. In Authentication settings, select SSO only in IdP Usage. This setting lets you deploy the single sign-on for passwordless logins.
  6. In SAML protocol settings, paste the data copied from Akamai MFA integration page: Issuer URI, SSO URL, and Certificate.
  7. Click Add Identity Provider.

You’ve just set up your passwordless IdP for a single sign-on.

Set up routing rules

With routing rules, you can direct users to Akamai MFA’s passwordless login.

  1. Log in to your Okta account at https://<your tenant name>.okta.com. Click Admin to get into your administrator console.
  2. Go to Security > Identity Providers.
  3. Go to Routing Rules and click Add Routing Rule.
  4. In Add a rule, provide the following conditions that end users’ devices must meet to be redirected to the passwordless IdP that you created in the previous step:
    • In IF User’s IP is, specify at least one network zone.
    • In AND User’s device platform is, specify the devices’ platform(s).
    • In AND User is accessing, specify the application(s) for which you want to set up the passwordless login.
    • In AND User matches, specify the log-in attribute that the user must match. For example, you can set a condition that identifies users by the group they belong to. Select User attribute, next, select department Equals, and provide the group’s name.
    • In THEN Use this identity provider, select the passwordless IdP that you created in the previous step.

    To learn more about routing conditions, see Configure routing rules.

  5. Click Create Rule and activate your rule.

To find out more about routing rules and the way they are evaluated in the Okta Admin portal, see IdP routing rules.

You’ve just completed your passwordless setup for Okta IdP. Let’s test it.

Test your setup

Before you test your configuration, make sure you:
  • Created your tester’s group and add the authentication policy.
  • Added the routing rules that direct the user to the Akamai MFA passwordless IdP.

Make sure that the test user whose credentials you’re using, have been enrolled in Akamai MFA.

  1. In the Sign in prompt, provide your Okta username, and click Next.

    You’re redirected to the Akamai MFA authentication prompt.

  2. In the Paswordless login prompt, select your preferred authentication method. You can choose between Phone security key, Biometrics, and Hardware token. Next, confirm your identity using this factor.

    You’re redirected to the required web applications.