Add the NetMotion Mobility app

This topic describes how to add the NetMotion Mobility app and then assign it to groups.

Before you begin

Ensure that you have the required common UDP port and secret key values available.

Add the app

  1. In the Admin Console, go to Applications > Applications.
  2. Click Browse App Catalog.
  3. Search for NetMotion Mobility (RADIUS), select it, and then click Add Integration.
  4. Enter a unique app label, and then click Next.
  5. Select the Sign-On Options tab, and then do the following actions:
    1. Select the Authentication checkbox.
    2. Enter a UDP Port number, like 1812. The UDP port values of the app and the client gateway must match.
    3. Enter the Secret Key to use to encrypt the user password. The secret key for the app and the client gateway must match.
    4. Select an appropriate username format from the Application username format dropdown list.
  6. Enable an authentication protocol:
    1. Scroll to the Authentication Protocol section of the Sign On tab.
    2. Click Edit.
    3. Select an authentication protocol:
      • Use EAP-GTC authentication: Upload the server certificate chain and entity private key. See About certificates. Enter the password used to protect the certificate and key. Okta recommends password-protecting certificates and keys. Select the TLS version.
      • Use PAP authentication: Select this option to use Password Authentication Protocol (PAP) authentication. When you select this option, the Require Message-Authenticator for incoming client requests checkbox appears. Select this checkbox to require and verify the Message-Authenticator attribute and create a more secure authentication process.
    4. Click Save.
  7. Enable authentication with Active Directory (AD) UPN or the AD SAM account name:
    1. Scroll to the Advanced RADIUS Settings section of the Sign-On Options tab.
    2. Click Edit.
    3. In the Authentication section, select Enable UPN or SAM Account Name Login.

      Users assigned to this app must have their username set to the AD user principal name before you can assign the RADIUS app to them.

      The SAM account name must have the same prefix as the UPN.

    4. Click Save.
    5. Scroll to the Settings section of the Sign-On Options tab.
    6. Click Edit.
    7. Select Email from the Application username format dropdown list to import users with their full username@domain.com value.
    8. Click Save.

Assign app to groups

For additional information, including guidance on advanced authentication and adaptive multifactor configuration options, see Using the Okta RADIUS App.

Enabling EAP-GTC requires a restart of the RADIUS agent. Once the configuration is complete, restart the agent.