Skip to main content

Connecting Vanta & Akamai

Updated today

Overview

Akamai is a content delivery network and cloud provider for edge security, application protection, and performance. Vanta integrates with Akamai to provide visibility into both domain security posture and user access. By connecting Akamai to Vanta, you can:

  • View managed domains in inventory, including DDoS, WAF, and bot management protections

  • Evaluate whether domain protections are enabled and properly configured

  • Sync users and groups via SCIM to support access visibility and offboarding checks

Use Cases

Connecting Akamai to Vanta enables you to:

  • Maintain an inventory of externally facing domains: Track domains managed by Akamai and view their protection status within Vanta.

  • Validate domain security controls: Ensure DDoS, WAF, and bot protections are enabled and actively enforced on production domains

  • Monitor protection posture over time: Identify domains that are unprotected, misconfigured, or operating in non-enforcement modes

  • Support audit and compliance requirements: Demonstrate that externally facing infrastructure is secured with appropriate controls

  • Review and manage user access to Akamai: Sync Akamai users and groups into Vanta to validate access and support offboarding checks

Prerequisites

Note: You can connect using either SCIM or EdgeGrid, depending on your use case. You may also choose to configure both if you want to enable both access visibility (SCIM) and domain security monitoring (EdgeGrid).

SCIM Authentication (user and group provisioning)

To connect via SCIM, you must have:

  • An Akamai account on an Enterprise plan

  • SSO enabled

    • Note: SCIM provisioning in Akamai requires SSO to be configured. If SSO is not yet enabled, set it up in your Akamai Identity & Access Management settings before connecting via SCIM.

  • Admin (or equivalent) access

  • A SCIM base URL

  • A provisioning key (bearer token) from a SCIM directory with at least one user (required for connection validation)

EdgeGrid API Authentication (domain inventory and security monitoring)

To connect via Edgegrid, you must have:

  • An Akamai account with API access to:

    • Property Manager (PAPI)

    • Application Security (App & API Protector)

  • The following EdgeGrid credentials:

    • Client token

    • Client secret

    • Access token

    • Host

Vanta uses these credentials in read-only mode to retrieve domain and security configuration data.

Setup guide

Option 1: Connect via SCIM (user and group sync)

Vanta uses SCIM to pull users and groups from your Akamai directory. These users appear in Vanta as Akamai accounts, allowing you to:

  • View who has access to Akamai

  • Link accounts to individuals in Vanta

  • Validate offboarding and access ownership

To connect via SCIM:

  1. Enter your SCIM base URL and provisioning key (bearer token) in Vanta.

  2. Ensure your SCIM directory contains at least one user for validation.

  3. Complete the connection flow in Vanta.

Option 2: Connect via Edgegrid API (domain monitoring)

Vanta connects to Akamai using EdgeGrid to retrieve domain and security configuration data. This includes:

  • Hostnames from Property Manager

  • Security configurations and match targets from App & API Protector

This data is represented in Vanta as domain inventory resources and used to evaluate domain protection status.

How Vanta processes domain data:

Vanta applies the following logic when ingesting Akamai data:

  • Only hostnames with a PRODUCTION network configuration are included.

  • Only security configurations with a production version are processed.

    1. Configurations without a production version are skipped.

  • Domains not routed through Akamai (lacking a production CNAME) are marked as having all protections bypassed.

If a hostname is part of multiple match targets, Vanta uses the last one encountered (a warning is logged for this occurrence).

Creating an API Client in Akamai (EdgeGrid)

  • Log into the Akamai Control Center with an Administrator account in the to set up the EdgeGrid API client.

  • In the Control Center, navigate to Identity & Access Management > Users and API Clients.

On this screen, select Create API client.

  • In the options, select Myself and then click Advanced.

  • In the Advanced screen, under the APIs menu, choose Select APIs.

  • Unselect all permissions, then select only the following READ-ONLY permissions:

    • Application Security

    • Property Manager (PAPI).

  • Click Create API client, review the configuration and then download the credentials.

Important: The API client credentials are only displayed at the time of creation. Make sure to copy or download the credentials before leaving this page. Once you close or navigate away, you will not be able to view them again and will need to generate a new API client.

Connect Edgegrid credentials in Vanta

  • In Vanta, navigate to Integrations.

  • Search for Akamai under Available Integrations section, click View details, and then select Connect.

Screenshot

  • Select the EdgeGrid API auth method and click Next.

  • Enter the credentials from the downloaded file:

    • Client token

    • Client secret

    • Access token

    • Host

  • Click Done. Vanta will begin fetching data from Akamai on a recurring basis.

Domain Security Monitoring

Once connected, you can use the Akamai integration to monitor your registered domains.

Vanta evaluates each domain to confirm that the following protections are enabled:

  • DDoS protection

  • Web Application Firewall (WAF)

  • Bot management protections