Enabling the Agent
During this task we will enable the appropriate On-Prem MFA or RSA SecurID agent.
To enable the On-Prem MFA agent or RSA SecurID, complete the following steps:
- From your Administrative Dashboard navigate to Security > Multifactor.
- Select the Factor Types tab.
- Click the Edit button. Unless you have set up the factor previously, the On-Prem MFA boxes are not selectable at this time; select either the RSA SecurID link or the Custom link to continue.
For RSA SecurID
- In the RSA Security Console, click RADIUS > RADIUS Clients > Add New.
- Enter Client Name.
- Do not select Any Client.
- In the IP Address Type field, select the RADIUS client IP address type that is required by your agents.
- Select IPv4 or IPv6.
- In the IPvX Address field, enter the IP address of the Okta MFA client.
- In the Make/Model drop-down list, select the Standard Radius type of RADIUS client.
- In the Shared Secret field, enter: yoursecretpassphrasehere.
- Select Client Status.
- In the Notes field, enter whatevernotesyouwanttoputinRSA.
- Click Save and Create Associated RSA Agent.
- On the next screen, click Save Agent.
a. Inactivity Time = 10 (suggested value from RSA).
Repeat as needed for backup servers.
For Custom
- Click the On-Prem MFA link in the Configure information box.
- On the On-Prem MFA page, click the Edit button in the On-Prem Multifactor Authentication Settings section.
- Enter the on-prem provider name.
- Select the preferred provider username format.
- Enter the Hostname, Authentication port, and Shared secret fields.
- Custom On-prem provider name: This is the name that appears to end users during their login challenge.
- Provider username format: Select the format expected by the provider.
Note
Custom is not supported with On-Prem MFA.
- Hostname: The server host name or IP address.
- Authentication Port: The RADIUS server port (e.g., 1812). This is defined when the On-Prem RADIUS server is configured.
- Shared Secret: An authentication key that must be defined when the RADIUS server is configured, and must be the same on both the RADIUS client and server.
- Click the Add New Agent link.
- Click the Save button.