Add and configure On-Prem MFA/RSA SecurID
Before installing the agent, you must configure:
- MFA factors
- RSA SecurID or On-Prem MFA
Configure factors
- Sign in to your Okta tenant as an administrator.
- Navigate to Security > Multifactor.
- Select the Factor Types tab.
- Select either On-Prem MFA or RSASecurID.
- Click the Edit button.
Configure On-prem MFA
- Select the Factor Types tab.
- Select the On-Prem MFA factor, and click the Edit.
- Enter the following fields:
- Provider name: This is the name that appears to end users during their login challenge.
- Provider username format: Select the format expected by the provider.
Note
Custom is not supported with On Prem MFA.
- Hostname: The server host name or IP address.
- Authentication Port: The RADIUS server port (for example 1812).
This is defined when the On-Prem RADIUS server is configured. - Shared Secret: An authentication key that must be defined when the RADIUS server is configured, and must be the same on both the RADIUS client and server.
- Click Add New Agent.
Note the value of the Instance ID.
You're also Provided a download link for the on-prem MFA agent installer. - Click the Save.
- Change the factor state to Active if required.
Configure RSA SecurID
- Select the Factor Types tab.
- Select the RSA SecurID factor, and click the Edit.
- If prompted click Enable RSA SecurID, then click Edit.
- Enter the following fields:
- RSA username format: Select the format expected by the provider.
- Hostname: The server host name or IP address.
- Authentication Port: The RADIUS server port (for example 1812).
This is defined when the On-Prem RADIUS server is configured. - Shared Secret: An authentication key that must be defined when the RADIUS server is configured, and must be the same on both the RADIUS client and server.
- RSA username format: Select the format expected by the provider.
- Click Add New Agent.
Note the value of the instance ID.
You're also provided a download link for the agent installer. - Enable or Disable as required.
- Click Save.