
Okta RADIUS integration

Multi-Factor Authentication (MFA) is an extra layer of security used when logging in to websites or apps. Users are authenticated through more than one required verification step, each based on something only they know or have access to.

RADIUS is a protocol commonly used to authenticate, authorize, and account for user access and actions. Acceptto offers a simple solution for adding multi-factor authentication (MFA) to Okta via its RADIUS solution. This step-by-step guide shows how to configure both Okta and Acceptto appliances for MFA using RADIUS agents.

Prerequisites

  • An Acceptto RADIUS Agent that is configured and connected to your user directory, for example Microsoft Active Directory (AD).

    For more information, see the Acceptto RADIUS deployment guide.

  • A user with administrative privileges for the Okta Dashboard.

Configure the Acceptto RADIUS Agent

To integrate Acceptto with your Okta dashboard, you need to install an Acceptto RADIUS Agent on a machine within your network. This server receives RADIUS requests from your Okta agent, checks with the LDAP server to perform primary authentication, and then contacts the Acceptto cloud service for secondary authentication.

  1. Log in to the Acceptto RADIUS Agent as an administrative user and open the radius-agent-config.env file in an editor. The file is located in the installation directory of the RADIUS Agent. RADIUS clients are configured in this file.

  2. Go to the bottom of the radius-agent-config.env file and change the ARA_CLIENTS attribute as follows. The values must be separated by semicolons (;).

    ARA_CLIENTS = An optional name for your Okta;IP address of your Okta agent; a shared secret

    An example configuration might look like this:

    ARA_CLIENTS = Okta;192.168.10.10/32;testing12345

  3. Save the file and run the following command to apply the changes: docker-compose down && docker-compose up -d
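
A pre-deployment check for the ARA_CLIENTS line edited in step 2, as an added example that is not part of the Acceptto documentation or agent. It assumes the three-field name;address;secret layout shown above; the 16-character minimum (the length RFC 2865 prefers for RADIUS shared secrets) and the weak-word list are choices made for this example.

```python
import ipaddress
import secrets

MIN_SECRET_LEN = 16  # assumption for this example: RFC 2865 prefers >= 16 octets
WEAK_HINTS = ("test", "secret", "password", "radius", "12345")  # constructed list


def parse_ara_clients(line):
    """Split 'ARA_CLIENTS = name;address;secret' into its three fields."""
    key, sep, value = line.partition("=")
    if not sep or key.strip() != "ARA_CLIENTS":
        raise ValueError("not an ARA_CLIENTS line")
    fields = [f.strip() for f in value.split(";")]
    if len(fields) != 3:
        # A secret containing ';' ends up here, because ';' is the separator.
        raise ValueError(f"expected 3 ';'-separated fields, got {len(fields)}")
    return dict(zip(("name", "address", "secret"), fields))


def lint_client(client):
    """Return a list of findings for one parsed client entry."""
    findings = []
    try:
        net = ipaddress.ip_network(client["address"], strict=False)
        if net.num_addresses > 1:
            findings.append(f"{net} admits {net.num_addresses} source addresses; "
                            "pin the entry to the Okta agent host")
    except ValueError:
        findings.append(f"{client['address']!r} is not a valid IP address or CIDR")
    secret = client["secret"]
    if len(secret) < MIN_SECRET_LEN:
        findings.append(f"shared secret is {len(secret)} characters; "
                        f"use at least {MIN_SECRET_LEN}")
    if any(hint in secret.lower() for hint in WEAK_HINTS):
        findings.append("shared secret contains a guessable word or sequence")
    return findings


def new_shared_secret():
    """Random 32-character secret; the URL-safe alphabet never contains ';'."""
    return secrets.token_urlsafe(24)


if __name__ == "__main__":
    sample = "ARA_CLIENTS = Okta;192.168.10.10/32;testing12345"  # the page's example
    for finding in lint_client(parse_ara_clients(sample)):
        print("WARN:", finding)
```

The same shared secret has to be entered in the Okta On-Prem MFA settings, so generate it once and use it in both places.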

Okta configuration

  1. Log in to your Okta organization URL with an administrative account. Then, go to the Security tab and select Multifactor.

  2. Navigate to On-Prem MFA > Edit and click Enable On-Prem MFA.

  3. Fill in the fields as described in the following list and click Add New Agent.

    • Provider Name - Optional. (e.g. Acceptto MFA)

    • Provider username format - Okta username prefix

    • Hostname - The hostname or IP address of the Acceptto agent.

    • Authentication port - The port configured for RADIUS in the Acceptto RADIUS Agent. The default is 1812.

    • Shared Secret - RADIUS shared key in Acceptto RADIUS Agent.

  4. Download the Agent, copy and keep your Instance ID number, and click Save.


Install Okta Agent

  1. Run the agent you downloaded earlier on a machine that can communicate with the Acceptto RADIUS Agent over the RADIUS protocol. Proceed with Next.

  2. You can change the Installation Folder.

  3. Enter the Instance ID number you got earlier from Okta and click Next.

  4. Enter your Okta Organization URL and click Next.

  5. You will be redirected to your Okta instance and need to Sign In with your credentials.

  6. Select Allow Access.

Configure Okta Groups and Policy

  1. Log in to your Okta organization URL with an administrative account. Then, go to the Directory tab and select Groups from the dropdown menu. Assuming you have a group named MFA, add the users that you want to authenticate with Acceptto MFA to this group.

  2. Navigate to Security and Authentication. Then, select the Sign On tab and click Add New Okta Sign-On Policy.

  3. In the “Add Policy” window, give a name in the “Policy Name” field and Assign to Groups containing your MFA users. Then click Create Policy and Add Rule.

  4. In the “Add Rule” window, give the rule a name and set up its criteria based on your requirements. Click the Create Rule button to continue.


Test your application integration

  1. Sign in to your Okta organization URL with the credentials needed to pass Acceptto MFA authentication.

  2. Okta shows a “set up multi factor authentication” window. Select Acceptto MFA and continue with the proper credentials.


    You will get a push on your It’sMe app. Accept it and finish the setup.

  3. At the next login, you will be redirected to the Acceptto MFA window as the second factor of authentication. After providing your passcode (your Active Directory password), you’ll receive a push notification on your It’sMe mobile application to authorize access to your Okta dashboard.


Support

If you have questions or need assistance, contact SecureAuth Support.

Disclaimer

All product names, trademarks, and registered trademarks are the property of their respective owners.

All company, product, and service names used in this document are for identification purposes only. The use of these names, trademarks, and brands does not constitute an endorsement by the SecureAuth Corporation.

Okta is either a registered trademark or a trademark of Okta, Inc. and/or one or more of its subsidiaries in the United States and/or other countries.

Microsoft and 'Active Directory' are either registered trademarks or trademarks of Microsoft and/or one or more of its subsidiaries in the United States and/or other countries.