Configure Akamai to Send Supplemental Signals
Before you start
To configure Akamai to send supplemental signals to your Auth0 tenant, you must configure Akamai as a reverse proxy.
If you use Akamai Bot Manager and/or Akamai Account Protector, you can configure your reverse proxy in Akamai to send the results to Auth0 and make them available in Actions.
Supported login flows
Auth0 currently supports the following login flows for Akamai supplemental signals:
Universal Login: Identifier + Password
Step 1: Register an API in Akamai
For Akamai to know when login attempts succeed or fail, you’ll need to register an API in Akamai, and then define an endpoint for each Auth0 login flow you’d like to support.
To learn more, read Register an API on Akamai TechDocs and Add API resources on Akamai TechDocs.
New Universal Login Identifier + Password
Use the following values to register your API in Akamai:
Property | Value |
---|---|
API base path | /u |
API key location | Header |
After you’ve created your API, you’ll need to add an API resource for each of the following Auth0 endpoints:
/u/login/password
/u/signup
/u/signup/password
The process is the same for all endpoints, but the configuration values differ slightly.
Add API resource
Use the following values to configure a resource on your Akamai API:
Property | Value |
---|---|
API undefined parameters | Specific (Request body) |
Path | /login/password |
Methods | POST |
Property | Value |
---|---|
API undefined parameters | Specific (Request body) |
Path | /signup |
Methods | POST |
Property | Value |
---|---|
API undefined parameters | Specific (Request body) |
Path | /signup/password |
Methods | POST |
Add parameters to methods
After you’ve created your API resource, you’ll need to define the Request body parameter so Akamai can parse login requests properly.
Use the following values to define the Request body parameter:
Property | Value |
---|---|
Format | JSON |
Required | Yes |
Define body format | Yes |
Schema details | See below. |
{
  "requestBody": {
    "content": {
      "application/x-www-form-urlencoded": {
        "schema": {
          "type": "object",
          "required": [
            "state"
          ],
          "properties": {
            "state": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            },
            "username": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            },
            "password": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            },
            "action": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            }
          }
        }
      }
    },
    "required": true
  }
}
Property | Value |
---|---|
Format | JSON |
Required | Yes |
Define body format | Yes |
Schema details | See below. |
{
  "requestBody": {
    "content": {
      "application/x-www-form-urlencoded": {
        "schema": {
          "type": "object",
          "required": [
            "email",
            "password"
          ],
          "properties": {
            "email": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            },
            "password": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            }
          }
        }
      }
    },
    "required": true
  }
}
Property | Value |
---|---|
Format | JSON |
Required | Yes |
Define body format | Yes |
Schema details | See below. |
{
  "requestBody": {
    "content": {
      "application/x-www-form-urlencoded": {
        "schema": {
          "type": "object",
          "required": [
            "email"
          ],
          "properties": {
            "email": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256,
              "description": "email"
            }
          }
        }
      }
    },
    "required": true
  }
}
New Universal Login Identifier First
Use the following values to register your API in Akamai:
Property | Value |
---|---|
API base path | /u |
API key location | Header |
After you’ve created your API, you’ll need to add an API resource for each of the following Auth0 endpoints:
/u/login
/u/signup
/u/signup/password
The process is the same for all endpoints, but the configuration values differ slightly.
Add API resource
Use the following values to configure a resource on your Akamai API:
Property | Value |
---|---|
API undefined parameters | Specific (Request body) |
Path | /login |
Methods | POST |
Property | Value |
---|---|
API undefined parameters | Specific (Request body) |
Path | /signup |
Methods | POST |
Property | Value |
---|---|
API undefined parameters | Specific (Request body) |
Path | /signup/password |
Methods | POST |
Add parameters to methods
After you’ve created your API resource, you’ll need to define the Request body parameter so Akamai can parse login requests properly.
Use the following values to define the Request body parameter:
Property | Value |
---|---|
Format | JSON |
Required | Yes |
Define body format | Yes |
Schema details | See below. |
{
  "requestBody": {
    "content": {
      "application/x-www-form-urlencoded": {
        "schema": {
          "type": "object",
          "required": [
            "state"
          ],
          "properties": {
            "state": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            },
            "username": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            },
            "password": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            },
            "action": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            }
          }
        }
      }
    },
    "required": true
  }
}
Property | Value |
---|---|
Format | JSON |
Required | Yes |
Define body format | Yes |
Schema details | See below. |
{
  "requestBody": {
    "content": {
      "application/x-www-form-urlencoded": {
        "schema": {
          "type": "object",
          "required": [
            "email",
            "password"
          ],
          "properties": {
            "email": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            },
            "password": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            }
          }
        }
      }
    },
    "required": true
  }
}
Property | Value |
---|---|
Format | JSON |
Required | Yes |
Define body format | Yes |
Schema details | See below. |
{
  "requestBody": {
    "content": {
      "application/x-www-form-urlencoded": {
        "schema": {
          "type": "object",
          "required": [
            "email"
          ],
          "properties": {
            "email": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256,
              "description": "email"
            }
          }
        }
      }
    },
    "required": true
  }
}
ROP
Use the following values to register your API in Akamai:
Property | Value |
---|---|
API base path | None. |
API key location | Header |
After you’ve created your API, you’ll need to add an API resource for each of the following Auth0 endpoints:
/oauth/token
Add API resource
Use the following values to configure a resource on your Akamai API:
Property | Value |
---|---|
API undefined parameters | Specific (Request body) |
Path | /oauth/token |
Methods | POST |
Add parameters to methods
After you’ve created your API resource, you’ll need to define the Request body parameter so Akamai can parse login requests properly.
Use the following values to define the Request body parameter:
Property | Value |
---|---|
Format | JSON |
Required | Yes |
Define body format | Yes |
Schema details | See below. |
{
  "requestBody": {
    "content": {
      "application/x-www-form-urlencoded": {
        "schema": {
          "type": "object",
          "required": [
            "username",
            "password",
            "grant_type"
          ],
          "properties": {
            "username": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            },
            "password": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            },
            "grant_type": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            },
            "client_id": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            },
            "client_secret": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            },
            "audience": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            },
            "scope": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "maxItems": 256
            }
          }
        }
      }
    },
    "required": true
  }
}
Step 2: Forward bot and user risk results from Akamai to Auth0
Configure Akamai to forward bot results
To configure Akamai to forward bot results to Auth0, read Forward Bot Results to Origin on Akamai TechDocs.
Configure Akamai to forward user risk results
To configure Akamai to forward user risk results to Auth0, read Forward User Risk Results to Origin on Akamai TechDocs.
Step 3: Enable processing of Akamai headers in Auth0
You can configure Auth0 to accept supplemental signals sent from Akamai in the Auth0 Dashboard or with the Auth0 Management API.
To enable supplemental signals in the Dashboard:
Select Supplemental Signals.
Enable the toggle for Enable Akamai headers.
To enable supplemental signals with the Management API:
Get a Management API access token with the update:attack_protection scope.
Call the Management API Update the supplemental signals configuration for a tenant endpoint with the following body:
{ "akamai_enabled": true }
Step 4: Test and verify configuration
Test your configuration by calling each endpoint for the login flow(s) you have configured.
If you’ve configured everything properly:
The akamai-user-risk and akamai-bot headers will be present in your tenant logs for related events.
You can use the following properties in the post-login Action event object:
authentication.riskAssessment.supplemental.akamai.akamaiBot
authentication.riskAssessment.supplemental.akamai.akamaiUserRisk
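A post-login Action that consumes the two properties listed above, including the case where neither carries a usable value; this is an added example, not part of the Auth0 documentation. The botScore and score field names, the 0-100 range and both thresholds are assumptions to confirm against your tenant logs.

```javascript
// Added example, not Auth0's code. Assumed (not stated on this page): the
// botScore and score field names, the 0-100 range, and both thresholds.
const DENY_AT = 90;    // assumed threshold: block the login
const STEP_UP_AT = 60; // assumed threshold: require MFA

function assessAkamaiSignals(event) {
  const akamai = event?.authentication?.riskAssessment?.supplemental?.akamai;
  const scores = [akamai?.akamaiBot?.botScore, akamai?.akamaiUserRisk?.score]
    .filter((v) => v !== undefined && v !== null && v !== "")
    .map(Number);

  // No score at all: the request may not have passed through Akamai, or header
  // processing is disabled. Step up instead of treating silence as low risk.
  if (scores.length === 0) {
    return { decision: "step_up", reason: "no_akamai_score" };
  }
  // Out-of-range or non-numeric values are handled like missing ones.
  if (scores.some((s) => !Number.isFinite(s) || s < 0 || s > 100)) {
    return { decision: "step_up", reason: "malformed_score" };
  }

  const worst = Math.max(...scores);
  if (worst >= DENY_AT) return { decision: "deny", reason: "score_high" };
  if (worst >= STEP_UP_AT) return { decision: "step_up", reason: "score_elevated" };
  return { decision: "allow", reason: "score_low" };
}

// In the Action editor, assign this handler to exports.onExecutePostLogin.
async function onExecutePostLogin(event, api) {
  const { decision, reason } = assessAkamaiSignals(event);
  if (decision === "deny") {
    api.access.deny(`Login blocked by risk policy (${reason})`);
  } else if (decision === "step_up") {
    api.multifactor.enable("any");
  }
}

// Constructed sample event (values invented for illustration).
const sampleEvent = { authentication: { riskAssessment: { supplemental: { akamai: {
  akamaiBot: { botScore: 12 }, akamaiUserRisk: { score: 75 } } } } } };
console.log(assessAkamaiSignals(sampleEvent)); // decision "step_up", reason "score_elevated"
```

Logging the reason string alongside the decision makes it possible to see how often logins arrive without Akamai scores, which is worth alerting on once the proxy is in production.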