SAML vs RADIUS interoperability
Some integrations interoperate with Okta through either RADIUS or SAML 2.0. The following screenshots compare the two end-user experiences.
SAML end-user experience
RADIUS end-user experience
The Yubikey factor doesn't appear in the menu as an option.
The end user must enter the Yubikey code into the Response field and click Continue.
There are several advantages to using SAML integrations when available.
- SAML provides a rich, intuitive, and consistent login experience. RADIUS presents a text-based challenge with inconsistent formatting. Using SAML can reduce user training and support requirements, and the consistent sign-in experience makes users less susceptible to phishing attempts.
- SAML integrations provide more security as credentials are exposed to fewer parties.
- SAML integrations run with a simplified infrastructure. They do not require running on-premises agents and require little maintenance. The user agent (web browser, VPN client, etc.) is used to transmit messages in a secure manner; therefore, there is no need for the service provider (firewall or application server) to connect to Okta. Federation is established through a one-time exchange of SAML metadata. This one-time setup establishes trust for ongoing transactions.
- Okta SAML integrations are very robust and include adaptive MFA and provisioning.