Install and configure the Okta RADIUS agent on Linux
This document describes the process of installing the Okta RADIUS Agent on Linux operating systems.
This is an Early Access feature. To enable it, contact Okta Support.
The Okta RADIUS server agent delegates authentication to Okta using single-factor authentication (SFA) or multi-factor authentication (MFA).
A RADIUS client sends the RADIUS agent the credentials (username and password) of a user requesting access to the client. Authentication then depends on your org's MFA settings.
- If MFA is not enabled and the user credentials are valid, the user is authenticated.
- If MFA is enabled and the user credentials are valid, the user is prompted to select a second authentication factor. The user selects one (e.g., Google Authenticator or Okta Verify) and receives a request for a validation code. If the code sent back to the client is correct, the user gains access.
Supported Operating Systems
The Okta RADIUS agent has been tested on the following Linux versions:
- Red Hat Enterprise Linux release 8.0
- CentOS 7.6
- Ubuntu 18.04.4
Requirements and limitations
Before you Begin
- You must be able to sign in as root, or be able to run root-level commands with a tool such as sudo.
- During installation you are prompted to enter your Okta URL, for example https://mycompany.okta.com, and you'll be required to authenticate as an admin. Have your Okta tenant URL and admin credentials available and ready for use.
- For more information about Okta RADIUS Agent Deployment, see Getting started with Okta RADIUS Integrations and Okta RADIUS Server Agent Deployment Best Practices. For general information about Okta's RADIUS Integrations, please see Okta RADIUS Integrations.

Caution
When installing the RADIUS Agent, you must be signed in to an account that has all three of the Read-only Admin, Mobile Admin, and App admin roles, or the Super admin role.
In addition, Okta recommends the use of a dedicated service account to authorize RADIUS agents. A dedicated account ensures that the API token used by the RADIUS agent is not tied to the life cycle of a specific user account, which could be deactivated when the user is deactivated. Service accounts used for RADIUS agents must also be given appropriate admin permissions.
Please refer to the Administrators permission table (MFA section) for specific permissions required.
Known Limitations
- Proxy configurations must be configured directly in the agent configuration file.
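A preflight check for the requirements above (tested distribution, root-level access, an https Okta URL), as an added example that is not part of the Okta installer or documentation. The function names are hypothetical, and the URL check assumes the tenant URL has the shape of the page's example, https://mycompany.okta.com.

```shell
# Added example; function names are hypothetical, not part of the Okta installer.

# Reads os-release text on stdin and prints "tested" or "untested".
# Assumption: os-release exposes only 7 (CentOS) and 18.04 (Ubuntu), so the
# point releases named on this page (7.6, 18.04.4) cannot be told apart here.
check_os() {
    os_id=""; os_ver=""
    while IFS='=' read -r key val || [ -n "$key" ]; do
        val=$(printf '%s' "$val" | tr -d '"')
        case "$key" in
            ID) os_id=$val ;;
            VERSION_ID) os_ver=$val ;;
        esac
    done
    case "$os_id:$os_ver" in
        rhel:8.0|centos:7|ubuntu:18.04) echo tested ;;
        *) echo untested ;;
    esac
}

# Root-level commands are required: accept uid 0 or a sudo binary on PATH.
check_privilege() {
    if [ "$(id -u)" -eq 0 ]; then echo root
    elif command -v sudo >/dev/null 2>&1; then echo sudo
    else echo none; return 1
    fi
}

# Assumed shape: https scheme and a bare hostname (no userinfo, port, path).
check_okta_url() {
    case "$1" in
        https://*) host=${1#https://}; host=${host%/} ;;
        *) echo "reject: not https"; return 1 ;;
    esac
    case "$host" in
        ""|*[!A-Za-z0-9.-]*) echo "reject: not a bare hostname"; return 1 ;;
        *.*) echo ok ;;
        *) echo "reject: hostname is not fully qualified"; return 1 ;;
    esac
}

# Runs all three checks; an untested distribution is reported, not failed.
preflight() {
    rc=0
    os=$(check_os < /etc/os-release) || rc=1
    priv=$(check_privilege) || rc=1
    url=$(check_okta_url "$1") || rc=1
    printf 'distribution: %s\nprivilege: %s\nokta url: %s\n' "$os" "$priv" "$url"
    return "$rc"
}
```

Source the file and run `preflight https://mycompany.okta.com` on the target host before starting the installer.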
Typical workflow
| Task | Description |
|---|---|
| Download the RADIUS agent | |
| Configuring RADIUS apps | |
| Installing the agent | |
| Configure proxies | |
| Configure additional properties | |
| Restart the agent | |
| Manage the agent | |
| Access and manage log files | |
| Uninstall the agent | |