Prevent employee account takeover and data breaches with phish-proof MFA.
Akamai MFA secures workforce logins for your cloud, web-based, on-premises, SaaS, and IaaS applications by leveraging the FIDO2 standard for authentication security. It delivers a user-friendly mobile push experience, eliminating the need for expensive hardware security keys. Akamai MFA seamlessly integrates with Akamai Enterprise Application Access to provide a complete Zero Trust Network Access (ZTNA) solution.
A mobile app turns the smartphone into a roaming FIDO2 authenticator to verify the user’s identity.
Akamai MFA combines the strong authentication security of FIDO2 with the simple end-user experience of a push notification.
FIDO2 shares no secrets with the server side, making it impervious to multi-factor authentication exploits.
Create a seamless service by integrating with market-leading IdP and identity solutions like Microsoft AD, Okta, and Ping Identity.
Akamai MFA is a complete multi-factor authentication solution that is built around the FIDO2 standard. For an equivalent level of access management, an organization would need to first deploy a multi-factor authentication solution and then buy, distribute, and manage FIDO2 hardware security keys, which significantly increases costs and operational complexities. Hardware security keys often result in poor end-user experiences as people lose or forget their keys, which then requires additional calls to the IT help desk and reduces user productivity.
Akamai MFA delivers all of the benefits of FIDO2-based MFA, but without the costs and complexities of hardware security keys or smart cards. It delivers a delightful and frictionless end-user experience through a smartphone application.
The FIDO2 standard is an authentication method developed by the FIDO Alliance containing two components: WebAuthn (W3C) and CTAP (FIDO Alliance). Key features of FIDO2 are:
Akamai MFA supports standard platform authenticators (from Microsoft, Apple, and others) and roaming authenticators in the form of physical security keys. Akamai’s differentiator, however, is that the Akamai MFA mobile app turns the smartphone into a roaming FIDO2 authenticator — the FIDO2 Phone Security Key. This capability delivers the following benefits:
The Akamai MFA solution protects against employee account takeover by using FIDO2-based authentication factors to verify that end users’ logins are legitimate. Traditional authentication factors such as one-time passwords, passcodes, SMS, TOTP, and push notifications have weaknesses that attackers can exploit to take over an employee account. FIDO2-based authentication factors do not have these weaknesses and are impervious to SIM-hijacking, machine-in-the-middle replay, push fatigue, and other exploit methods. You can further improve access management by adding biometric factors to the FIDO2 authentication factor.
Akamai MFA offers different authentication factors to support any use case. You can select the authentication second factors you need for identity verification, including FIDO2 Phone Security Key, other FIDO2 authenticators, standard push, TOTP, OTP, and SMS. To further increase the security of the authentication process, you can configure the service to use biometric factors, such as facial recognition, in addition to the FIDO2 Phone Security Key and standard push factors.
Akamai MFA offers easy integration with market-leading IdP and identity solutions such as Microsoft Active Directory (with ADFS), Okta, Ping Identity, and Akamai Enterprise Application Access cloud IdP to provide a seamless multi-factor authentication service.
Cyberattacks often begin with threat actors targeting identity and access management as the starting point. One common approach is to use sophisticated phishing emails that send employees to fake corporate login pages. These phishing emails will often be amplified with social engineering techniques — for example, calling the employee claiming they are from IT. The threat actors then use the harvested user credentials to login into the real corporate login page. In the event that standard push multi-factor authentication is being used, the employee will receive the push notification. If they accept this notification, then the threat actor has gained access.
Akamai MFA is based on FIDO2 authentication standards, which means even if a threat actor has obtained an employee’s login credentials, the FIDO2 push notification will not be received by the employee. This ensures that threat actors cannot use compromised user credentials to gain user access.
Yes, you can use Akamai MFA to provide a multi-factor authentication solution to increase the security of your authentication policies for your VPN. The PacketFence Gateway is a software component that you can install in your environment to provide integration between VPN servers and other network devices. The integration uses RADIUS (Remote Authentication Dial-In User Service), LDAP (Lightweight Directory Access Protocol), or Microsoft AD (Microsoft Active Directory) for primary authentication, and the Akamai MFA service as the secondary authenticator. By integrating Akamai MFA with PacketFence Gateway, you establish secure communication between users who are off-premises and use the VPN server or other network elements, such as firewalls and the corporate network.
Akamai MFA allows you to configure and manage the service with an API. Use this API to manage the following user-related tasks:
The primary difference between multi-factor authentication and two-factor authentication is the number of factors required for authentication. Two-factor authentication uses two factors — for example, username and password. Multi-factor authentication utilizes more than two factors — for example, a username, password, and an OTP, providing a higher level of secure access.
Single sign-on (SSO) is an authentication process that allows users to access multiple applications or services with a single set of login credentials (such as a username and password). Instead of requiring users to remember and enter separate credentials for each application, SSO enables users to authenticate once, and then access multiple applications without needing to reenter their credentials. Akamai MFA supports SAML-based SSO.
Learn more about a few common ways Akamai MFA is used.
Attackers are targeting your employees to compromise their accounts and are exploiting inherent security gaps in standard MFA solutions to bypass that additional security layer in your authentication process. FIDO2 is the security answer — but to get that, you need to buy, distribute, and manage physical FIDO2 security keys, which introduces complexity and increasing costs, and delivers a poor employee experience. Akamai MFA delivers all of the benefits of FIDO2-based multi-factor authentication, but without the costs and complexities of physical security keys, and delivers a delightful and frictionless end-user experience through a smartphone application.
Zero Trust Network Access (ZTNA) is a critical solution for companies that are moving to a Zero Trust architecture. Relying on single-factor authentication for employee logins based on username and password does not provide adequate security, especially if single sign-on (SSO) is being used with ZTNA. A single compromised user account can potentially give access to all the applications to which the SSO is linked.
Deploying Akamai Enterprise Application Access for secure access — together with Akamai MFA for strong authentication — enables organizations to quickly and easily deploy a strong and secure Zero Trust Network Access solution.
Poor password hygiene, such as using the same password for personal and corporate logins, is often the root cause in employee account takeover. Eliminating passwords as a primary authentication factor and replacing this with other factors, such as multi-factor authentication, is now supported by many identity as a service (IDaaS) providers. But replacing one insecure factor (passwords) with another insecure factor (i.e., standard push MFA, SMS, or one-time passwords) shifts, rather than solves, the security problem.
Deploying Akamai MFA as a key component of your move to passwordless authentication provides a fully secure and frictionless passwordless experience for user authentication, and strengthens your identity and access management to verify that all logins are legitimate.
Discover the benefits of Akamai MFA for yourself:
Set up your 60-day free trial:
Terms and restrictions apply.
