Autopush for RADIUS

Autopush for RADIUS allows you to use Okta Verify when it's not possible for an end user to opt-in. The Okta Verify with Push experience has been popular with admins for its high security implementation. The option for an end user to opt in for an automatic push has increased end-user satisfaction by eliminating the need to manually request a push. In some use cases, the end user is unable to opt in as this behavior is stored in a browser cookie. To bridge this gap, Okta's Autopush for RADIUS enables an admin to configure the behavior without requiring end users to opt in.

Autopush for RADIUS is compatible with the following:

  • Okta VPN integrations supported by RADIUS
  • Okta's Generic RADIUS app

Prepare

Before you begin, complete the following:

  1. Implement either an Okta VPN (using RADIUS) or the Okta Generic RADIUS App in your Okta Preview test environment. See RADIUS integrations for a complete list of integrations.

  2. Configure an app-based sign on policy for the application to require MFA on authentication.
  3. Enable Okta Verify with Push for your Okta preview test environment.
  4. Assign a test user to the configured app and enroll the test user in Okta Verify.

Enable RADIUS Autopush

  1. In Okta, navigate to Applications > Applications.
  2. Open the target application by clicking its name.
  3. Select the Sign On tab.
  4. Scroll to Advanced RADIUS Settings and click Edit.
  5. Select Accept password and security token in the same login request. This setting is required to support automatic push. It permits access with alternative MFA if a user is unable to acknowledge the push.
  6. Select Permit Automatic Push for Okta Verify Enrolled Users.

  7. Click Save.

Test

Test the integration by performing an authentication with your test user against the configured RADIUS app or RADIUS-enabled VPN. No other testing is necessary.