Configure Akamai with Azure Active Directory B2C
In this sample article, learn how to enable Akamai Web Application Firewall (WAF) solution for Azure Active Directory B2C (Azure AD B2C) tenant using custom domains. Akamai WAF helps organization protect their web applications from malicious attacks that aim to exploit vulnerabilities such as SQL injection and Cross site scripting.
This feature is in public preview.
Benefits of using Akamai WAF solution:
An edge platform that allows traffic management to your services.
Can be configured in front of your Azure AD B2C tenant.
Allows fine grained manipulation of traffic to protect and secure your identity infrastructure.
To get started, you'll need:
An Azure subscription. If you don't have a subscription, you can get a free account.
An Azure AD B2C tenant that is linked to your Azure subscription.
An Akamai WAF account.
Akamai WAF integration includes the following components:
Azure AD B2C Tenant – The authorization server, responsible for verifying the user’s credentials using the custom policies defined in the tenant. It's also known as the identity provider.
Azure Front Door – Responsible for enabling custom domains for Azure B2C tenant. All traffic from Akamai WAF will be routed to Azure Front Door before arriving at Azure AD B2C tenant.
Akamai WAF – The web application firewall, which manages all traffic that is sent to the authorization server.
Integrate with Azure AD B2C
To use custom domains in Azure AD B2C, it's required to use custom domain feature provided by Azure Front Door. Learn how to enable Azure AD B2C custom domains.
After custom domain for Azure AD B2C is successfully configured using Azure Front Door, test the custom domain before proceeding further.
Onboard with Akamai
Sign-up and create an Akamai account.
Create and configure property
Configure the property settings as:
Property Value Property version Select Standard or Enhanced TLS (preferred) Property hostnames Add a property hostname. This is the name of your custom domain, for example,
Create or modify a certificate with the appropriate settings for the custom domain name. Learn more about creating a certificate.
Set the origin server property configuration settings as:
Property Value Origin type Your origin Origin server hostname yourafddomain.azurefd.net Forward host header Incoming Host Header Cache key hostname Incoming Host Header
Create a CNAME record in your DNS such as
login.domain.com that points to the Edge hostname in the Property hostname field.
Configure Akamai WAF
Ensure that Rule Actions for all items listed under the Attack Group are set to Deny.
Learn more about how the control works and configuration options.
Test the settings
Check the following to ensure all traffic to Azure AD B2C is going through the custom domain:
- Make sure all incoming requests to Azure AD B2C custom domain are routed via Akamai WAF and using valid TLS connection.
- Ensure all cookies are set correctly by Azure AD B2C for the custom domain.
- The Akamai WAF dashboard available under Defender for Cloud console display charts for all traffic that pass through the WAF along with any attack traffic.
Submit and view feedback for