Add and configure On-Prem MFA/RSA SecurID

Before installing the agent, you must configure:

Configure factors

Select the Factor Types tab.
Select the On-Prem MFA factor, and click the Edit.
Enter the following fields:
- Provider name: This is the name that appears to end users during their login challenge.
- Provider username format: Select the format expected by the provider.
  Note
  Custom is not supported with On Prem MFA.
- Hostname: The server host name or IP address of the RSA server.
- Authentication Port: The RADIUS server port (for example 1812).
  This is defined when the On-Prem RADIUS server is configured.
- Shared Secret: An authentication key that must be defined when the RADIUS server is configured, and must be the same on both the RADIUS client and server.
Click Add New Agent.
Note the value of the Instance ID.
You're also Provided a download link for the on-prem MFA agent installer.
Click the Save.
Change the factor state to Active if required.

Select the Factor Types tab.
Select the RSA SecurID factor, and click the Edit.
If prompted click Enable RSA SecurID, then click Edit.
Enter the following fields:
- RSA username format: Select the format expected by the provider.
- Hostname: The server host name or IP address.
- Authentication Port: The RADIUS server port (for example 1812).
  This is defined when the On-Prem RADIUS server is configured.
- Shared Secret: An authentication key that must be defined when the RADIUS server is configured, and must be the same on both the RADIUS client and server.
Click Add New Agent.
Note the value of the instance ID.
You're also provided a download link for the agent installer.
Enable or Disable as required.
Click Save.

Ensure you have configured a RADIUS client on the RSA server and that client is configured to reference the server running the Okta RADIUS agent.