Configure Okta RADIUS agent properties
You can override the defaults on the following properties, if desired.
Changes to the RADIUS Agent config.properties are only loaded on agent restart.
Always restart your agent after changing config.properties.
- Open the folder where the Okta RADIUS agent resides. The default installation folder is C:\Program Files (x86)\Okta\Okta RADIUS Agent\.
- From this folder, navigate to current\user\config\radius\config.properties. Before making changes, we recommend creating a backup of this file. Using a text application such as Notepad, open the file current\user\config\radius\config.properties residing in the Okta RADIUS agent installation folder.
- Configure any of the properties shown below, as required.
- When done, save the file.
- Any changes are effective after restarting the Okta RADIUS Agent service using the available Windows administrative tools.
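The steps above as a PowerShell script, added here as an example; it is not part of Okta's documentation or tooling. It assumes the default installation folder, writes a constructed sample value for ragent.total.request.timeout.millisecond, and locates the service with a display-name wildcard, which is an assumption to confirm on your host.

```powershell
# Added example, not Okta tooling. Run from an elevated PowerShell prompt.
$ErrorActionPreference = 'Stop'

# Default installation folder and relative path, as given in the steps above.
$installDir = 'C:\Program Files (x86)\Okta\Okta RADIUS Agent'
$configPath = Join-Path $installDir 'current\user\config\radius\config.properties'

# Property name taken from this page; the value is a constructed sample.
$name  = 'ragent.total.request.timeout.millisecond'
$value = 60000
if ($value -lt 1) { throw 'Timeout must be a positive number of milliseconds.' }

# 1. Keep a timestamped backup next to the original before touching it.
$backup = '{0}.{1}.bak' -f $configPath, (Get-Date -Format 'yyyyMMdd-HHmmss')
Copy-Item -LiteralPath $configPath -Destination $backup

# 2. Replace the active "name=value" line, or append one if the property is absent.
#    ISO-8859-1 maps bytes one-to-one, so the other lines round-trip unchanged
#    and no byte-order mark is written. Commented-out lines (#...) are not matched.
$enc     = [System.Text.Encoding]::GetEncoding('iso-8859-1')
$pattern = '^\s*' + [regex]::Escape($name) + '\s*='
$lines   = [System.IO.File]::ReadAllLines($configPath, $enc)
$hits    = @($lines | Where-Object { $_ -match $pattern })
if ($hits.Count -gt 0) {
    $lines = $lines | ForEach-Object {
        if ($_ -match $pattern) { "$name=$value" } else { $_ }
    }
} else {
    $lines = @($lines) + "$name=$value"
}
[System.IO.File]::WriteAllLines($configPath, [string[]]$lines, $enc)

# 3. Changes load only on restart. The display-name wildcard is an assumption;
#    refuse to act unless it matches exactly one service.
$svc = @(Get-Service -DisplayName 'Okta RADIUS*')
if ($svc.Count -ne 1) {
    throw "Expected exactly one Okta RADIUS service, found $($svc.Count)."
}
Restart-Service -InputObject $svc[0]

# Per the property table on this page, Okta Verify with Push uses half the value.
Write-Host ("Backup: {0}" -f $backup)
Write-Host ("{0}={1} (Okta Verify Push: {2} ms)" -f $name, $value, ($value / 2))
```

To roll back, copy the .bak file over config.properties and restart the service again.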
Property Description Default
The maximum number of HTTP connections in the connection pool. 20
The number of authentication worker threads available for processing requests. 15
The maximum time the RADIUS agent is allowed to process a UDP packet after it has arrived from the RADIUS client.
For the Okta Verify with Push factor the actual value is interpreted by the RADIUS agent as one half (1/2) of the configured value.
For example: 60000 = 60 seconds, divided in half = 30 seconds.
For all other factors the value is used as specified.
The socket timeout to set on the Okta API request. This property only applies if configured; otherwise, it is computed dynamically based on the total request timeout setting.
Dynamic, based on remaining TTL for request
The maximum time the RADIUS agent is allowed to process a UDP packet after it has arrived from the RADIUS client.
If specified, ragent.total.request.timeout.millisecond is ignored.
If not specified, default is to use ragent.total.request.timeout.millisecond.
Available since version 2.9.4.
N/A; defaults to the value specified by ragent.total.request.timeout.millisecond
The timeout response mode. Possible values include:
SEND_REJECT_ALWAYS - agent sends a reject message to the client after any timeout.
SEND_REJECT_ON_POLL_MFA - agent sends a reject message to the client if a timeout occurs during the MFA polling loop only (i.e. while the agent is polling Okta to determine if the user has correctly responded to an MFA challenge such as a push notification). If a timeout occurs at any other time, no response will be sent to the client.
NO_RESPONSE - no response will be sent to the client when the agent times out.
Time, in seconds, that the agent will wait for the client to respond to an MFA challenge such as factor selection. 60