Install the RADIUS Windows agent

During this step we install the Windows RADIUS agent.

When installing the RADIUS Agent, you must be logged in to an account that either has both Read-only Admin, and App admin roles, or has the Super admin role.

In addition, Okta recommends the use of dedicated service account to authorize RADIUS agents. A dedicated account ensures that the API token used by the RADIUS agent is not tied to the life-cycle of a specific user account which could be deactivated when the user is deactivated. In addition, service accounts used for RADIUS agents must be given appropriate admin permissions.

Refer to the Administrators permission table (MFA section) for specific permissions required.

  1. From your Administrator Dashboard, select SettingsDownloads.

  2. Scroll to Okta RADIUS Server Agent (EXE) and click Download Latest.

  3. Run the installer. Click Next on each of the initial, Important Information, and License Information screens.

  4. Choose a location for the Installation folder and click Install.

  5. On the Okta RADIUS Agent Proxy Configuration screen, you can optionally enter your proxy information. Click Next.

  6. On the Register Okta RADIUS Agent screen, enter the complete URL for your org (for example, For testing in your preview org, you can enter the URL for your Okta Preview Sandbox org (for example,

  7. Click Next to continue to an Okta Sign In page.
  8. Sign in to the service-specific Okta account.
  9. Click Allow Access.
  10. Click Finish to complete the installation.

    If during the agent installation you encounter Error code 12: Could not establish trust relationship for the SSL/TLS service channel, ensure that you are running the latest version of the agent as older agent versions do not support TLS 1.2.

  11. Configure a RADIUS app in Okta, which includes the RADIUS agent port, shared secret, and advanced RADIUS settings. For more information about configuring RADIUS apps, see RADIUS applications in Okta