Configure the Sophos USM gateway
This topic describes how to configure Sophos USM to use the Sophos UTM RADIUS OIN app. There are four parts to this configuration:
- Enable automatic user creation
 - Configure a new authentication server
 - Create a RADIUS back-end group
 - Allow group access to resources
 
Before you begin
- Ensure that you have the common UDP port and secret key values available.
 
Enable automatic user creation
- In the Sophos UTM Web Admin Console, go to .
 - Click Add to define a new RADIUS server.
 - On the Global Settings tab, select Create users automatically.
 - In the Automatic User Creation for Facilities section, select the appropriate facilities for your environment. Select Client Authentication and End-User Portal.
 
Configure a new authentication server
- In the Sophos UTM Web Admin Console, go to .
 - Select the Servers tab.
 - Click New Authentication Server and enter the following information:
   - Backend: Select RADIUS.
   - Position: Select Top.
   - Server: Enter a unique and descriptive name, like OktaMFA.
   - Type: Enter the Host.
   - IPv4 address: Enter the IP address of the Okta RADIUS Server Agent.
   - Interface: Select the appropriate interface for your environment.
   - Port: Enter the UDP port that you want to use.
   - Shared secret: Enter the secret key that you want to use.
   - Authentication timeout (sec): Enter the length of the timeout period in seconds.
 - Click Save.
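The Shared secret field matters because RADIUS (RFC 2865) uses it both to hide the user's password in the request and to authenticate the server's reply. The following sketch is an added example, not code from Okta or Sophos. It shows that a reply signed with one secret fails verification on a gateway holding a mistyped one. It assumes PAP (the User-Password attribute), and all user names, passwords and secrets in it are constructed sample values.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2        # RFC 2865 attribute types

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(16, len(password) + (-len(password) % 16))
    padded = password.ljust(size, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def attribute(attr_type: int, value: bytes) -> bytes:
    return bytes([attr_type, len(value) + 2]) + value

def build_access_request(user, password, secret, ident, req_auth) -> bytes:
    attrs = attribute(USER_NAME, user) + attribute(
        USER_PASSWORD, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def build_reply(code, ident, req_auth, secret, attrs=b"") -> bytes:
    """What the RADIUS server does: sign the reply with its copy of the secret."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + req_auth + attrs + secret).digest() + attrs

def reply_is_authentic(reply: bytes, req_auth: bytes, secret: bytes) -> bool:
    """What the gateway does: recompute the Response Authenticator and compare."""
    header, resp_auth, attrs = reply[:4], reply[4:20], reply[20:]
    expected = hashlib.md5(header + req_auth + attrs + secret).digest()
    return hmac.compare_digest(resp_auth, expected)

def demo():
    agent_secret = b"constructed-shared-secret"      # constructed sample value
    req_auth = os.urandom(16)                         # Request Authenticator
    request = build_access_request(b"alice", b"constructed-pw", agent_secret, 7, req_auth)
    reply = build_reply(ACCESS_ACCEPT, request[1], req_auth, agent_secret)
    matching = reply_is_authentic(reply, req_auth, agent_secret)
    mistyped = reply_is_authentic(reply, req_auth, b"constructed-shared-secert")
    return matching, mistyped

if __name__ == "__main__":
    print("secret matches: %s, secret mistyped: %s" % demo())
```

RFC 2865 has the client silently discard a reply whose Response Authenticator does not verify, so a secret mismatch typically shows up as an authentication timeout rather than an explicit error.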
 
Create a RADIUS back-end group
- In the Sophos UTM Web Admin Console, go to .
 - Select the Groups tab.
 - Click New Group.
 - Enter the following information in the Add Group section:
   - Group name: Enter a unique and appropriate name, like Okta RADIUS Users.
   - Group type: Select Backend membership.
   - Backend: Select RADIUS.
 - Click Save.
 
Allow group access to resources
- In the Sophos UTM Web Admin Console, go to Remote Access.
 - Select the desired connection method from the menu.
 - Click New HTML5 VPN Portal Connection... or use an existing connection.
 - Add the group that you created in Create a RADIUS back-end group to the Users and Groups or Allowed Users (Userportal) list.
 
