Enable the Transport Layer Security 1.2 protocol

The Transport Layer Security (TLS) v1.2 protocol is required to install the Linux and Windows Okta Provisioning Agent.


To enable TLS version 1.2, you must access the Java Control Panel to change the JRE.

  1. Download and install the Okta Provisioning Agent. See Install the Okta Provisioning Agent.
  2. Edit /opt/OktaProvisioningAgent/conf/settings.conf.
  3. Change the arguments passed to the agent by adding Dhttps.protocols=TLSv1.2 to JAVA_OPTS, similar to the following:JAVA_OPTS="-Xmx4096m -Dhttps.protocols=TLSv1.2"
  4. Save settings.conf.


TLS version 1.2 is enabled by default on most Windows systems.

Systems running earlier versions, such as Windows Server 2012 (non-R2), may not have TLS 1.2 enabled. To enable TLS 1.2 on those systems, see How to enable TLS 1.2.

Next steps

Install the Okta Provisioning Agent