Okta RADIUS Server Agent flow

The following diagram demonstrates the Okta RADIUS Server Agent authentication flow:

Diagram of the Okta RADIUS server architecture and flow.
  1. User sends credentials to VPN device connected to Okta using RADIUS.
  2. VPN device forwards user credentials to the Okta RADIUS Server Agent.
  3. Okta RADIUS Server Agent uses Okta APIs to validate credentials.
  4. Okta validates user credentials.
  5. Okta APIs respond with MFA challenge based on configured policy.
  6. RADIUS Server Agent sends challenge to VPN device.
  7. VPN device presents RADIUS challenge to end user.
  8. VPN device sends RADIUS challenge response to Okta RADIUS.
  9. Okta RADIUS sends response to Okta APIs to be validated.
  10. Okta APIs determine whether to accept the response.
  11. Okta RADIUS sends either ACCEPT or REJECT to the VPN device.