Install the Agent

During this task we will install the On-Prem MFA agent with or without proxy support.

The On-Prem MFA agent (v 1.3.3 or later) supports proxy configuration with your RADIUS enabled on-prem MFA server, including RSA Authentication manager for RSA SecurIDs.

Administrators who don't need proxy support can ignore the steps marked [proxy-only].

Topics

Before you begin

  • Ensure that you have the common UDP port and secret key values available and that the Okta RADIUS agent port 1812 is open.

Install the Agent

Determine instance ID

The On-Prem MFA agent installer requires an instance identifier.

  1. Sign in to your Okta org as admin.
  2. Select Security > Mutlfactor.
  3. Select the Factor Types tab.
  4. Select the factor selected in the Enabling the Agent task.
  5. Click Add new Agent.
  6. Copy the provided instance ID.

Execute the installer

  1. Navigate to the directory where the On-Prem MFA agent installer was downloaded and execute the installer as an administrator.
  2. On the initial screen click Next.
  3. Click Next through the "Important Information" and "License Information" screens.
  4. Accept the default installation folder or browse to a different folder and then click Install.
    The install will begin.
    Proxy-only: Take note of the installation path, which will be used to enable proxies later in this install.
  5. On the Okta On-Prem Agent Configuration screen, enter your Instance ID.
    Instance ID can be found in the On-Prem Multifactor Authentication Settings page in the Okta app.
    See The Custom Option in Enabling the Agent .
  6. In the Register Okta On-Prem MFA Agent dialog enter the fully qualified URL for your org:
    For example: https://mycompany.oktapreview.com.
    Then click Next.
  7. Proxy - only - Modify settings to include a proxy.
    1. Leave the Okta Sign In page without signing in and open a File Explorer window.
    2. From File Explorer, locate and navigate to your config.properties file '
      For example: <AGENT_INSTALL_PATH>\current\user\config\rsa-securid\config.properties
    3. Open the file in your favorite text editor.
    4. At the bottom of the file add proxy configuration key/value pairs.
      Proxy includes the following key/value pairs:
      proxyAddress = <ipaddress:[port]>
      proxyUsername = <username>
      proxyPassword = <password of proxyUsername>
    5. Save the file.
    6. Return to the installer.

    Example configuration for a proxy with an protocol: http, host of 127.0.0.1 and a port 3128.

Note: If all the properties occur on a single line, add proxy settings beneath it.

  1. Sign into Okta on the Sign In screen.
  2. Click the Allow Access button.
  3. Bring the installer to the front to view completion of the install.
  4. The Installation Completed screen appears. If not, see Troubleshooting below.
  5. Click the Finish button to complete the installation.
    Tip

    Tip

    To complete the installation, Windows must be restarted. Click, Yes, restart Windows now (recommended) to restart Windows immediately.


Specifying proxies for existing MFA agent

  1. From your File Explorer navigate to your existing installation folder.
  2. Open the file with your favorite text editor at C:\Program Files (x86)\....\Okta On-Prem MFA Agent\ current\user\config\rsa-securid\config.properties.
  3. Add your proxy configurations to the bottom of this file. Example keys are proxyAddress, proxyUsername, or proxyPassword.

The following is a simple configuration for a proxy with an http protocol host of 127.0.0.1 and a port of 3128.

Note: If all the properties occur on a single line, simply add your proxy settings beneath it.

  1. Save this file and run the installer for MFA-Agent 1.3.2.
  2. When the installation completes, an installation completed message appears. If not, see Troubleshooting below.

Troubleshooting

If your installation was not successful:

New installation

Reconfirm your proxy settings OR

Retry using sslPinningEnabled = false (Warning: only use this option if you are confident in how this works).

Upgrade - proxy only

If you enter proxy properties that are inaccurate, the installer may appear to succeed, but the agent will eventually fail. To verify these properties, examine the last connected timestamp on your list of agents in the Okta Administrator Dashboard.