Add an identity provider

Complete this procedure to add a new identity provider. Before you start, review the setup process for the specific identity provider (IdP) that you are adding. For more information, see:

How to

  1. In the navigation menu, select Identity > Identity Providers.
    Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Identity & Users > Identity Providers.
  2. Click the plus sign icon.
  3. Configure basic identity provider settings:
    1. In the Name and Description fields, enter a name and description of the IdP.
    2. In the Provider Type menu, select the type of identity provider that you are adding.
    3. Click Continue.
  4. Configure identity server General settings:
    1. Go to the General settings section or click the General tab.
    2. Select Use Akamai domain.
      If your organization is licensed for Enterprise Application Access (EAA), you can select Use your domain. If you choose to use your domain, you must configure certificates in EAA.
    3. Enter the external hostname that you want to use for the login portal. If the Use your domain option is available to you, you can enter your own FQDN.
    4. In the Akamai Cloud Zone menu, select the cloud zone that is closest to your user base.
  5. To configure session settings for the login page:
    1. Go to the Session settings section or click the Session tab.
    2. In the Session Idle Expiry field, enter the number of minutes of inactivity that you want to allow before a session expires.
    3. If you want to limit session time, make sure Limit Session Life is enabled.
    4. In the Max Session Duration field, enter the maximum number of days for the session.
  6. Consider whether you want to challenge users with multi-factor authentication for Internet access. Even if you require MFA for EAA, you may decide not to require MFA for Internet access. You can choose built-in MFA capabilities or a third-party MFA provider.
    1. To configure a built-in MFA policy, go to the Authentication section or click the Authentication tab.
    2. Enable IDP MFA Policy. This setting enables a global multi-factor authentication policy.
    3. In the MFA Timeout field, enter the number of days that end-user devices remain registered.
    4. In the Organization Name field, enter the organization name that you want presented in emails or text messages that are sent to users with token codes. This applies when Email and SMS are selected as MFA factors.
    5. Select the factor that you want to use for multi-factor authentication. You can select more than one factor.
  7. To configure IdP advanced settings:
    1. Go to the Advanced section or click the Advanced tab.
    2. To preserve the authentication cookie regardless of whether the browser is closed, confirm that Persistent Cookie is enabled. This cookie ensures that users don’t need to enter credentials again after the browser window is closed.
    3. To temporarily lock accounts after repeated failed login attempts, enable Temporary Account Lockout on Login Failures. Then complete these steps:
      • In the Account Lockout Failed Attempts field, enter the maximum number of failed login attempts.
      • In the Account Lockout Duration field, enter the amount of time that the account stays locked.
  8. Associate a directory or multiple directories to the identity provider:
    1. Click the Directories tab.
    2. Click the link icon and select a directory or multiple directories.
    3. Click Associate.
  9. Customize the Login Portal. For more information, see Customize the Login Portal.
  10. Click Save.
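The session settings in step 5 and the lockout settings in step 7 interact in ways that are easy to misjudge: idle expiry is a sliding window that activity keeps extending, while Max Session Duration is an absolute cap that activity cannot extend, and a temporary lockout rejects even correct credentials until its duration has elapsed. The following model, added here as an illustration and not part of this documentation or of Akamai's product code, shows those semantics with constructed timestamps. The field names, the assumption that lockout duration is entered in minutes, and the rule that the failure counter resets on a successful login or when a lock expires are all assumptions made for the example.

```python
"""Constructed model of the session-lifetime and temporary-lockout settings
described in steps 5 and 7. Field names, units and reset behaviour are
assumptions for illustration, not Akamai's implementation."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class SessionPolicy:
    idle_expiry_minutes: int   # Session Idle Expiry
    limit_session_life: bool   # Limit Session Life toggle
    max_session_days: int      # Max Session Duration (only applies when limited)


@dataclass
class Session:
    created: datetime        # when the user authenticated
    last_activity: datetime  # refreshed on each request


def session_is_valid(policy: SessionPolicy, session: Session, now: datetime) -> bool:
    """Idle expiry is a sliding window; max duration is an absolute cap.
    A session must satisfy both, so activity alone cannot keep it alive forever."""
    if now - session.last_activity > timedelta(minutes=policy.idle_expiry_minutes):
        return False
    if policy.limit_session_life and now - session.created > timedelta(days=policy.max_session_days):
        return False
    return True


@dataclass(frozen=True)
class LockoutPolicy:
    enabled: bool           # Temporary Account Lockout on Login Failures
    failed_attempts: int    # Account Lockout Failed Attempts
    lockout_minutes: int    # Account Lockout Duration (minutes assumed here)


@dataclass
class AccountState:
    failures: int = 0
    locked_until: Optional[datetime] = None


def is_locked(state: AccountState, now: datetime) -> bool:
    return state.locked_until is not None and now < state.locked_until


def record_login_attempt(policy: LockoutPolicy, state: AccountState,
                         credentials_ok: bool, now: datetime) -> bool:
    """Apply one login attempt to the account state and return whether it is accepted.
    While locked, even correct credentials are rejected; once the lock expires the
    account recovers on its own, which is what makes the lockout temporary."""
    if policy.enabled and is_locked(state, now):
        return False
    if state.locked_until is not None and not is_locked(state, now):
        # Lock has expired: clear it and start a fresh failure count (assumed behaviour)
        state.locked_until = None
        state.failures = 0
    if credentials_ok:
        state.failures = 0
        return True
    state.failures += 1
    if policy.enabled and state.failures >= policy.failed_attempts:
        state.locked_until = now + timedelta(minutes=policy.lockout_minutes)
    return False


def demo() -> dict:
    """Walk both policies through constructed timestamps and return the observations."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    limited = SessionPolicy(idle_expiry_minutes=30, limit_session_life=True, max_session_days=7)
    unlimited = SessionPolicy(idle_expiry_minutes=30, limit_session_life=False, max_session_days=7)
    active = Session(created=t0, last_activity=t0 + timedelta(days=6, hours=23))
    stale = Session(created=t0, last_activity=t0 + timedelta(days=7))

    lp = LockoutPolicy(enabled=True, failed_attempts=3, lockout_minutes=15)
    acct = AccountState()
    for i in range(3):  # three failures one minute apart trigger the lock
        record_login_attempt(lp, acct, credentials_ok=False, now=t0 + timedelta(minutes=i))
    locked_reject = record_login_attempt(lp, acct, credentials_ok=True, now=t0 + timedelta(minutes=5))
    after_expiry = record_login_attempt(lp, acct, credentials_ok=True, now=t0 + timedelta(minutes=20))

    return {
        "active_within_limits": session_is_valid(limited, active, t0 + timedelta(days=6, hours=23, minutes=10)),
        "stale_hits_max_duration": session_is_valid(limited, stale, t0 + timedelta(days=7, minutes=5)),
        "stale_valid_when_unlimited": session_is_valid(unlimited, stale, t0 + timedelta(days=7, minutes=5)),
        "locked_rejects_good_password": locked_reject,
        "accepted_after_lockout": after_expiry,
        "failures_after_success": acct.failures,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The `stale` session is the case to notice: the user was active five minutes ago, so idle expiry alone would keep it alive, but with Limit Session Life enabled the seven-day cap ends it regardless. Leaving that toggle off turns the same session back into a valid one, which is why a long-lived login portal session should normally carry an absolute lifetime as well as an idle timeout.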

Next steps

  1. Deploy the IdP configuration. For more information, see Deploy configuration changes.
  2. Assign the IdP to a policy. For more information, see Require authentication to access websites in an AUP category.