Okta RADIUS Server Agent Deployment Best Practices

This topic describes best practices when deploying the Okta RADIUS Server agentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations.. While the topic uses the Cisco ASA VPN as a VPN Device and F5 as the Load Balancer, customers may replace these with other similar products configured adequately.

For installation information, see Installing and Configuring the Okta RADIUS Server Agent.

For information on the Okta RADIUS appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in., see Using the Okta RADIUS App.The app distinguishes between different RADIUS-enabled apps and supports them concurrently by setting up an Okta RADIUS app for each configuration and supports policy creation and then assigning RADIUS authentication to groupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups.. With the Okta RADIUS App, you can configure a RADIUS-enabled app to only use the second factor in multifactor authentication (passwordless mode).