Add and configure On-Prem MFA/RSA SecurID

Before installing the agent, you must configure:

  • MFA factors
  • RSA SecurID or On-Prem MFA

Configure factors

  1. Sign in to your Okta tenant as an administrator.
  2. Navigate to Security > Multifactor.
  3. Select the Factor Types tab.
  4. Select either On-Prem MFA or RSASecurID.
  5. Click the Edit button.

Configure On-prem MFA

  1. Select the Factor Types tab.
  2. Select the On-Prem MFA factor, and click the Edit.
  3. Enter the following fields:
    • Provider name: This is the name that appears to end users during their login challenge.
    • Provider username format: Select the format expected by the provider.
      Info

      Note

      Custom is not supported with On Prem MFA.

    • Hostname: The server host name or IP address.
    • Authentication Port: The RADIUS server port (for example 1812).
      This is defined when the On-Prem RADIUS server is configured.
    • Shared Secret: An authentication key that must be defined when the RADIUS server is configured, and must be the same on both the RADIUS client and server.
  4. Click Add New Agent.
    Note the value of the Instance ID.
    You're also Provided a download link for the on-prem MFA agent installer.
  5. Click the Save.
  6. Change the factor state to Active if required.

Configure RSA SecurID

  1. Select the Factor Types tab.
  2. Select the RSA SecurID factor, and click the Edit.
  3. If prompted click Enable RSA SecurID, then click Edit.
  4. Enter the following fields:
    • RSA username format: Select the format expected by the provider.
    • Hostname: The server host name or IP address.
    • Authentication Port: The RADIUS server port (for example 1812).
      This is defined when the On-Prem RADIUS server is configured.
    • Shared Secret: An authentication key that must be defined when the RADIUS server is configured, and must be the same on both the RADIUS client and server.
  5. Click Add New Agent.
    Note the value of the instance ID.
    You're also provided a download link for the agent installer.
  6. Enable or Disable as required.
  7. Click Save.