Configure Cisco Meraki to interoperate with Okta via RADIUS
This guide details how to configure Cisco Meraki wireless access points to use the Okta RADIUS Server Agent and EAP-TTLS.
For details of the flow between Okta, the RADIUS agent and Cisco Meraki see Cisco Meraki RADIUS integration flow.
Contact Okta Support to have EAP-TTLS support enabled for your Okta org.
Before installing the Okta RADIUS Agent ensure that you have met these minimum requirements for network connectivity:
|Okta RADIUS Agent||Okta Identity Cloud||TCP/443
|Configuration and authentication traffic|
|Client Gateway||Okta RADIUS Agent||UDP/1812 RADIUS (Default, may be changed in RADIUS app install and configuration)||RADIUS traffic between the gateway (client) and the RADIUS Agent (server)|
On using MFA with Cisco Meraki
Okta doesn't recommend using MFA with EAP-TTLS and it has been disabled by default in the Cisco Meraki RADIUS app policy.
While technically possible, MFA with EAP-TTLS may not work correctly due to:
- Timeout and retry configurations on the router and supplicants which cause several push requests to be sent unless the end-user accepts the first push notification quickly.
- Roaming between access points within a zone works with static passwords works as expected, but will result in MFA re-prompts unless Pairwise Master Key caching and Opportunistic Key caching are correctly configured to prevent RADIUS re-authentication.
|Download the RADIUS agent||
|Install the Okta RADIUS Agent.|
|Configure optional settings||