Test the F5 BIG IP integration

To test the integration:

Flow

There are two configuration tests for the flows, shown in the following network diagram.

The following detailed sequence is illustrated in this diagram.

  1. The user signs in with Username/Password.
  2. The gateway receives data and forwards through Radius to Okta RADIUS Server Agent.
  3. Okta RADIUS Server Agent sends to Okta Identity Cloud.
  4. Okta Identity Cloud determines the Authentication source and responds or forwards to an on-premises directory agent.
  5. Optional: The directory Agent sends the password to the directory.
  6. Optional: The directory confirms the password.
  7. Optional: Directory Agent confirms the password to Okta Identity Cloud.
  8. Okta Identity Cloud evaluates the authentication policy. If required, Okta sends a message to the Okta RADIUS Server Agent to challenge the user for a factor.
  9. The Okta RADIUS Server Agent relays the challenge message to the Gateway.
  10. The Gateway displays a message to select a factor to the user.
  11. The user supplies the desired factor.
  12. Gateway receives data and forwards through Radius to Okta RADIUS Server Agent.
  13. Okta RADIUS Server Agent sends to Okta Identity Cloud.
  14. Okta Identity Cloud evaluates the choice and triggers the appropriate response (push message shown).
  15. A push message is received and the user responds.
  16. A success message is returned to the Okta RADIUS Server Agent.
  17. A success message returned to the gateway.
  18. Connected.

Test with the BIG-IP Edge Client

  1. Open the BIG-IP Edge Client.
  2. Select the server, and enter your username, password, and factor (OTP value or out of band keyword), as shown.

    The username must be in the format you specified when you added the app in Okta.

  3. Click Connect.

    When using SMS or call, the first login fails, but triggers the delivery of a call or SMS code. Initiate another sign-in with that information. The image in step 2 shows the failure message. This is expected.

  4. After successfully completing the challenge you're connected. If you entered an incorrect value or take too long to respond to the push notification, you receive the message to try again.

Test Clientless VPN with F5 web portal

  1. Go to the F5 portal.

  2. Select the server and enter your username, password, and factor (OTP value or out of band keyword), as shown. The username must be in the format you specified when you added the app.

  3. Click Logon.

    When using SMS or call, the first login fails, but triggers the delivery of a call or SMS code. Initiate another login with that information.

  4. After successfully completing the challenge, you're connected. If you entered an incorrect value or take too long to respond to the push notification, you receive the message to try again.