Akamai MFA

Prevent employee account takeover and data breaches with phish-proof MFA

Akamai MFA

Prevent employee account takeover and data breaches with phish-proof MFA

Secure workforce logins across your applications

Akamai MFA secures workforce logins for your cloud, web-based, on-premises, SaaS, and IaaS applications by leveraging the FIDO2 standard for authentication security. It delivers a user-friendly mobile push experience, eliminating the need for expensive hardware security keys. Akamai MFA seamlessly integrates with Akamai Enterprise Application Access to provide a complete Zero Trust Network Access (ZTNA) solution.

Make phish-proof authentication as easy as a mobile device push

Stop authentication bypass attacks with the most secure standard for multi-factor authentication.

Make multi-factor authentication secure through end-to-end cryptography without security keys, hardware tokens, or fobs.

Simplify adoption with a cloud-based MFA, self-service enrollment, and an easy smartphone app experience.

How Akamai MFA works

A mobile app turns the smartphone into a roaming FIDO2 authenticator to verify the user’s identity.

Akamai MFA combines the strong authentication security of FIDO2 with the simple end-user experience of a push notification.

FIDO2 shares no secrets with the server side, making it impervious to multi-factor authentication exploits.

Create a seamless service by integrating with market-leading IdP and identity solutions like Microsoft AD, Okta, and Ping Identity.

Features

  • Phish-proof FIDO2 MFA push notifications on any smartphone defeat MFA bypass attacks
  • Configurable authentication factors, including secure push, standard push, OTP, TOTP, SMS, and biometrics
  • Easily integrates with market-leading IdP and IAM solutions for a seamless MFA solution

  • Automates user provisioning workflows to ensure that changes in IdP are immediately reflected
  • Rich reporting features keep administration teams informed of authentication events

  • Simplified, self-service enrollment and device registration reduce demands on administrators
  • Complete cloud-based multi-factor authentication solution

Akamai MFA Use Cases

Learn more about a few common ways Akamai MFA is used.

Secure your workforce

FIDO2 MFA without the costs and complexities of physical security keys

Attackers are targeting your employees to compromise their accounts and are exploiting inherent security gaps in standard MFA solutions to bypass that additional security layer in your authentication process. FIDO2 is the security answer — but to get that, you need to buy, distribute, and manage physical FIDO2 security keys, which introduces complexity and increasing costs, and delivers a poor employee experience. Akamai MFA delivers all of the benefits of FIDO2-based multi-factor authentication, but without the costs and complexities of physical security keys, and delivers a delightful and frictionless end-user experience through a smartphone application.

Enable Zero Trust

The strongest available authentication and authorization protocol

Zero Trust Network Access (ZTNA) is a critical solution for companies that are moving to a Zero Trust architecture. Relying on single-factor authentication for employee logins based on username and password does not provide adequate security, especially if single sign-on (SSO) is being used with ZTNA. A single compromised user account can potentially give access to all the applications to which the SSO is linked.

Deploying Akamai Enterprise Application Access for secure access — together with Akamai MFA for strong authentication — enables organizations to quickly and easily deploy a strong and secure Zero Trust Network Access solution.

Achieve passwordless authentication

Phish-proof and frictionless MFA for a passwordless world

Poor password hygiene, such as using the same password for personal and corporate logins, is often the root cause in employee account takeover. Eliminating passwords as a primary authentication factor and replacing this with other factors, such as multi-factor authentication, is now supported by many identity as a service (IDaaS) providers. But replacing one insecure factor (passwords) with another insecure factor (i.e., standard push MFA, SMS, or one-time passwords) shifts, rather than solves, the security problem. 

Deploying Akamai MFA as a key component of your move to passwordless authentication provides a fully secure and frictionless passwordless experience for user authentication, and strengthens your identity and access management to verify that all logins are legitimate.

Frequently Asked Questions (FAQ)

Akamai MFA is a complete multi-factor authentication solution that is built around the FIDO2 standard. For an equivalent level of access management, an organization would need to first deploy a multi-factor authentication solution and then buy, distribute, and manage FIDO2 hardware security keys, which significantly increases costs and operational complexities. Hardware security keys often result in poor end-user experiences as people lose or forget their keys, which then requires additional calls to the IT help desk and reduces user productivity.


Akamai MFA delivers all the benefits of FIDO2-based multi-factor authentication, but without the costs and complexities of hardware security keys or smart cards. It delivers a delightful and frictionless end-user experience through a smartphone application.

The FIDO2 standard is an authentication method developed by the FIDO Alliance that contains two components: WebAuthn (W3C) and CTAP (FIDO Alliance). Key features of FIDO2 include:

  • Authentication credentials are based on private/public key pairs.
  • There are no shared secrets. The private key is generated by the FIDO2 authenticator, is stored in secure hardware on the authenticator, and cannot be exported or tampered with. Only the public key is sent to the server side (website) when registering.
  • Authentication challenges are delivered to the user agent (the browser), which adds context about the challenge, and then delivered to the attached FIDO2 authenticator, which allows detection of a machine in the middle.
  • Platform authenticators (tied to the platform and only usable on that device) and roaming authenticators (that can be used across any device) are both supported.

Akamai MFA supports standard platform authenticators (from Microsoft, Apple, and others) and roaming authenticators in the form of physical security keys. Akamai’s differentiator, however, is that the Akamai MFA mobile app turns a smartphone into a roaming FIDO2 authenticator — the FIDO2 phone security key. This capability delivers the following benefits:

  • FIDO2 security without the cost of physical FIDO2 security keys
  • Delightful end-user experience with an easy-to-use push notification presented on the smartphone
  • Minimal administrative effort, as there is only one authentication service to support, not one each for Windows and Apple operating systems

The Akamai MFA solution protects against employee account takeover by using FIDO2-based authentication factors to verify that end users’ logins are legitimate. Traditional authentication factors such as one-time passwords, passcodes, SMS, time-based one-time password, and push notifications have weaknesses that attackers can exploit to take over an employee account. FIDO2-based authentication factors do not have these weaknesses and are impervious to SIM-hijacking, machine-in-the-middle replay, push fatigue, and other exploit methods. You can further improve access management by adding biometric factors to the FIDO2 authentication factor.

Akamai MFA offers different authentication factors to support any use case. You can select the authentication factors you need for identity verification, including FIDO2 phone security key, other FIDO2 authenticators, standard push, time-based one-time password, one-time password or SMS. To further increase the security of the authentication process, you can configure the service to use biometric factors, such as facial recognition, in addition to the FIDO2 phone security key and standard push factors.

Cyberattacks often begin with threat actors who target identity and access management as the starting point. One common approach is to use sophisticated phishing emails that send employees to fake corporate login pages. These phishing emails will often be amplified with social engineering techniques — for example, calling the employee and claiming to be from IT. The threat actors then use the harvested user credentials to log in to the real corporate login page. In the event that standard push multi-factor authentication is being used, the employee will receive the push notification. If they accept this notification, then the threat actor has gained access.

Akamai MFA is based on FIDO2 authentication standards, which means that even if a threat actor has obtained an employee’s login credentials, the FIDO2 push notification will not be received by the employee. This ensures that threat actors cannot use compromised user credentials to gain user access.

Yes, you can use Akamai MFA to provide a multi-factor authentication solution to increase the security of your authentication policies for your VPN. The PacketFence Gateway is a software component that you can install in your environment to provide integration between VPN servers and other network devices. The integration uses Remote Authentication Dial-In User Service (RADIUS), Lightweight Directory Access Protocol (LDAP), or Microsoft Active Directory (Microsoft AD) for primary authentication, and the ​Akamai MFA​ service as the secondary authenticator. By integrating ​Akamai MFA​ with PacketFence Gateway, you establish secure communication among users who are off-premises and use the VPN server or other network elements, such as firewalls and the corporate network.

The primary difference between multi-factor authentication and two-factor authentication is the number of factors required for authentication. Two-factor authentication uses two factors — for example, username and password. Multi-factor authentication uses more than two factors — for example, a username, password, and a one-time password, which provides a higher level of secure access.

A person with black glass is shown with their face lit by the light of a computer screen

Free trial: Try Akamai MFA for 60 days

Discover the benefits of Akamai MFA for yourself:

  • Create a seamless and secure authentication process by integrating Akamai MFA with market-leading IdP and IAM solutions like Microsoft Active Directory, Okta, and Ping Identity. 
  • Improve the security of your identity and access management to eliminate the risk of employee account takeover. 
  • Combine the strong authentication security of FIDO2-based multi-factor authentication with a delightful end-user experience using familiar push notifications.
     

Set up your 60-day free trial

  • Submit form
  • Confirm your email
  • Log in and set up your instance of Akamai MFA
     

Terms and restrictions apply.

Thank you for requesting a trial of Akamai MFA! We’ve sent an email request for you to verify your email address. Once verified, you’ll receive another email with your login credentials to get started.