Add and configure On-Prem MFA/RSA SecurID
Before installing the agent, you must configure:
- MFA factors
- RSA SecurID or On-Prem MFA
Configure factors
- Sign in to your Okta tenant as an administrator.
- In the Admin Console, go to .
- Select the Factor Types tab.
- Choose On-Prem MFA or RSASecurID.
-
Click Edit.
Configure On-prem MFA
- Select the Factor Types tab.
- Select the On-Prem MFA factor, and click Edit.
- Enter the following fields:
- Provider name: This is the name that appears to end users during their login challenge.
- Provider username format: Select the format expected by the provider.
Custom is not supported with On Prem MFA.
- Hostname: The server host name or IP address of the RSA server.
- Authentication Port: The RADIUS server port (for example 1812). This is defined when the On-Prem RADIUS server is configured.
- Shared Secret: An authentication key that must be defined when the RADIUS server is configured, and must be the same on both the RADIUS client and server.
- Click Add New Agent. Note the value of the Instance ID. You're also provided with a download link for the on-prem MFA agent installer.
- Click Save.
- Change the factor state to Active, if required.
Configure RSA SecurID
- Select the Factor Types tab.
- Select the RSA SecurID factor, and click Edit.
- If prompted, click Enable RSA SecurID, then click Edit.
- Enter the following fields:
- RSA username format: Select the format expected by the provider.
- Hostname: The server host name or IP address.
- Authentication Port: The RADIUS server port (for example, 1812). This is defined when the On-Prem RADIUS server is configured.
- Shared Secret: An authentication key that must be defined when the RADIUS server is configured, and must be the same on both the RADIUS client and server.
- RSA username format: Select the format expected by the provider.
- Click Add New Agent. Note the value of the instance ID. You're also provided with a download link for the agent installer.
- Enable or Disable as required.
- Click Save.
Ensure that you've configured a RADIUS client on the RSA server and that the client is configured to reference the server that's running the Okta RADIUS agent.