Add an identity provider

Complete this procedure to add a new identity provider. Depending on the identity provider that you are setting up, review the setup process for the IdP. For more information, see:

How to

  1. In the navigation menu, select Identity > Identity Providers.
    Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Identity & Users > Identity Providers.
  2. Click the plus sign icon in the upper right.
  3. Complete the Name and Description fields and select the provider type in the Provider Type field. Then click Continue.
  4. Configure identity server General settings:
    1. Go to the General settings section or click the General tab.
    2. Select Use Akamai domain.
      If your organization is licensed for Enterprise Application Access (EAA), you can select Use your domain. If you choose to use your domain, you must configure certificates in EAA.
    3. Enter the external hostname that you want to use for the login portal. If you can select the Use your domain option, you can enter the FQDN.
    4. In the Akamai Cloud Zone, select a cloud zone that is closest to the user base.
  5. To configure session settings for the login page:
    1. Go to the Session settings or click the Session tab.
    2. In the Session Idle Expiry field, enter the time in minutes that you want to allow for a session before it expires.
    3. If you want to limit session time, make sure Limit Session Life is enabled.
    4. In the Max Session Duration field, enter the maximum number of days for the session.
  6. Consider whether you want to challenge users with multi-factor authentication for Internet access. Even if you require MFA for EAA, you may decide not to require MFA for Internet access. You can choose built-in MFA capabilities or a third-party MFA provider.
    1. To configure a built-in MFA policy, go to the Authentication section or click the Authentication tab.
    2. Enable IDP MFA Policy. This setting enables a global multi-factor authentication policy.
    3. In the MFA Timeout field, enter the number of days that end user devices are registered.
    4. In the Organization Name field, enter the organization name that you want presented in emails or text messages that are sent to users with token codes. This applies when Email and SMS are selected as MFA factors.
    5. Select the factor that you want to use for multi-factor authentication. You can select more than one factor.
  7. Customize the Login Portal. For more information, see Customize the Login Portal.
  8. To configure IdP advanced settings:
    1. Go to the Advanced section or click the Advanced tab.
    2. To preserve the authentication cookie regardless of whether the browser is closed, confirm that Persistent Cookie is enabled. This cookie ensures that users don’t need to enter credentials again after the browser window is closed.
    3. If you want to allow lockout after failed login attempts, enable Temporary Account Lockout on Login Failures. Complete these steps:
      • In the Account Lockout Failed Attempts field, enter the maximum number of failed login attempts.
      • In the Account Lockout Duration field, enter the amount of time that's allowed for the lockout.
  9. To associate a directory with the identity provider:
    1. Click the Directories tab.
    2. Click the plus sign icon in the upper right.
    3. On the window that displays, select one or more directories and click Associate.
  10. Click Save to save your work or click Save and Deploy to both save your work and deploy the identity provider.
    Note: If a "Deployment Not Ready" message displays when you try to deploy the IdP, you must correct the issue as described in Make IdPs Deployment Ready.
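
The session settings (step 5) and the lockout settings (step 8) above interact at login and on every request. The following model of those settings is an added example, not Akamai code: the field names mirror the UI, but the evaluation order, the reset behaviour after a lockout window, and the unit of Account Lockout Duration are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional
# Added illustration, not Akamai code: the evaluation order and the lockout-duration unit are assumptions.
@dataclass
class IdpSettings:
    session_idle_expiry_min: int      # Session Idle Expiry, minutes
    limit_session_life: bool          # Limit Session Life toggle
    max_session_duration_days: int    # Max Session Duration, days
    lockout_enabled: bool             # Temporary Account Lockout on Login Failures
    lockout_failed_attempts: int      # Account Lockout Failed Attempts
    lockout_duration_min: int         # Account Lockout Duration (unit assumed: minutes)

@dataclass
class LockoutState:
    failures: int = 0
    locked_until: Optional[datetime] = None

def session_is_valid(created: datetime, last_activity: datetime, cfg: IdpSettings, now: datetime) -> bool:
    """Idle expiry always applies; the absolute lifetime applies only when Limit Session Life is on."""
    if now - last_activity > timedelta(minutes=cfg.session_idle_expiry_min):
        return False
    if cfg.limit_session_life and now - created > timedelta(days=cfg.max_session_duration_days):
        return False
    return True

def is_locked(st: LockoutState, now: datetime) -> bool:
    """Report an active lockout; once the window has elapsed, clear it and reset the counter."""
    if st.locked_until is None:
        return False
    if now < st.locked_until:
        return True
    st.locked_until, st.failures = None, 0
    return False

def record_failure(st: LockoutState, cfg: IdpSettings, now: datetime) -> None:
    st.failures += 1  # a successful login would reset this to 0
    if cfg.lockout_enabled and st.failures >= cfg.lockout_failed_attempts:
        st.locked_until = now + timedelta(minutes=cfg.lockout_duration_min)

def demo() -> dict:
    """Constructed scenario: 15-min idle expiry, 7-day max life, 30-min lockout after 5 failures."""
    cfg, now = IdpSettings(15, True, 7, True, 5, 30), datetime(2024, 1, 1, 12, 0)
    day1, day8, min5 = now - timedelta(days=1), now - timedelta(days=8), now - timedelta(minutes=5)
    st = LockoutState()
    for _ in range(5): record_failure(st, cfg, now)
    return {"fresh_ok": session_is_valid(day1, min5, cfg, now),   # created yesterday, active 5 min ago
            "old_ok": session_is_valid(day8, min5, cfg, now),     # still active, but past 7-day max life
            "locked_now": is_locked(st, now),
            "locked_later": is_locked(st, now + timedelta(minutes=31))}
```

The point the model makes is that an idle session and a long-lived session are capped independently, so enabling Limit Session Life is what prevents a regularly used session from living indefinitely.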

Next steps

  1. If you save the identity provider without deploying it, you can use the following options to deploy it.
    • Deploy identity provider configuration changes as described in Deploy configuration changes.
    • If you are trying the new Enterprise Center interface, in the identity provider configuration, you can click the icon next to the Ready for Deployment status. A deployment icon also appears next to a failed deployment status in case you need to deploy the identity provider again. This action starts the deployment process.
  2. Assign the IdP to a policy. For more information, see Require authentication to access a website.