Installing and Configuring the Okta RADIUS Server Agent

The Okta RADIUS server agent delegates authentication to Okta using single-factor authentication (SFA) or multi-factor authentication (MFA). It installs as a Windows service and supports the Password Authentication Protocol (PAP).

A software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations.

For best practices, see Okta RADIUS Server Agent Deployment Best Practices.

Essentially, a client is anything that talks to the Okta service. Within the traditional client-server model, Okta is the server. The client might be an agent, an Okta mobile app, or a browser plugin. An org is the Okta container that represents a real-world organization.

A RADIUS client sends the RADIUS agent the credentials (username and password) of a user requesting access to the client. From here, authentication depends on your org's MFA settings.

  • If MFA is not enabled and the user credentials are valid, the user is authenticated.
  • If MFA is enabled and the user credentials are valid, the user is prompted to select a second authentication factor. The user selects one (e.g., Google Authenticator or Okta Verify) and obtains a request for a validation code. If the code sent back to the client is correct, the user gains access.

Note: Some applications or services (e.g., AWS Workspace) do not provide an MFA selection at login, but instead ask for the MFA code in addition to the user's username and password. If the user has enrolled in more than one MFA factor (e.g., Okta Verify and YubiKey), the user does not need to specify which one they are using: the entered code is processed by each handler until it is validated successfully.
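Because the agent speaks PAP, the password the RADIUS client forwards travels in the Access-Request's User-Password attribute, hidden only by an MD5 keystream derived from the RADIUS shared secret (RFC 2865, section 5.2). The following is an added example, not Okta's code; the function names, shared secret and password are constructed for illustration.

```python
import hashlib
import os


def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Hide a PAP password as the RADIUS client does (RFC 2865, section 5.2)."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("PAP password must be 1..128 octets")
    # Pad with NUL octets to a multiple of 16.
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        # Keystream block: MD5(shared secret + previous ciphertext block).
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += block
        prev = block
    return out


def pap_reveal(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Recover the password as the RADIUS server side does."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if not hidden or len(hidden) % 16 or len(hidden) > 128:
        raise ValueError("User-Password must be 16..128 octets, multiple of 16")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")  # strip the NUL padding


if __name__ == "__main__":
    secret = b"constructed-shared-secret"      # constructed sample value
    password = b"Constructed-Passw0rd-Example"  # constructed sample value
    authenticator = os.urandom(16)              # fresh per Access-Request
    hidden = pap_hide(password, secret, authenticator)
    print("User-Password attribute value:", hidden.hex())
    print("Recovered with correct secret:", pap_reveal(hidden, secret, authenticator))
```

Anyone holding the shared secret can recover the password from a captured Access-Request, so the secret configured for each RADIUS client should be long and random, and RADIUS traffic should stay on a trusted network segment.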
