Install the RADIUS Windows agent

During this step we install the Windows RADIUS agent.

Caution

Caution

When installing the RADIUS Agent you must be logged in to an account which has all three of Read-only Admin, Mobile Admin, and App admin roles, or Super admin role.
In addition, Okta recommends the use of dedicated service account to authorize RADIUS agents. A dedicated account ensures that the API token used by the RADIUS agent is not tied to the life-cycle of a specific user account which could be deactivated when the user is deactivated. In addition, service accounts used for RADIUS agents must be given appropriate admin permissions.

Please refer to the Administrators permission table (MFA section) for specific permissions required.

  1. From your Administrator Dashboard, select Settings > Downloads > Okta RADIUS Server Agent.

  2. Click the Download button and run the Okta RADIUS installer.

  3. Proceed through the installation wizard to the "Important Information" and "License Information" screens.

  4. Choose the Installation folder and click the Install button.

  5. On the Okta RADIUS Agent Configuration screen, enter your RADIUS Shared Secret key and RADIUS Port number. If you are using the RADIUS application, these elements are not required.

    Info

    Note

    As of EA version 2.9.6 EA RADIUS Shared Secret and Port are not required. When installing the RADIUS Agent v2.9.6 EA or later these screens will be not be displayed.

    Info

    Note

    Avoid the use of special characters when entering the shared secret. Certain special characters can cause the installation to fail with Error Code: 3.

  6. On the Okta RADIUS Agent Proxy Configuration screen, you can optionally enter your proxy information. Click the Next button.

  7. On the Register Okta RADIUS Agent screen, enter the following: Choose your org version.

  8. If setting this up to test on your Okta Preview Sandbox org, you'll need to enter the complete URL for your org. For example: https://mycompany.oktapreview.com

    • Enter Subdomain – For example, if you access Okta using https://mycompany.okta.com, enter "mycompany", as described below.
      • Production - Select Production and enter a production domain.
        For example: mycompany.okta.com.
      • Preview- Select preview and enter a preview domain.
        For example: mycompany.oktapreview.com.
      • Custom- Select custom and enter a custom domain.
        For example: mycompany.mydomain.com[:port].
  9. For Windows Server 2008 R2 Core only: Open a browser and add the provided URL into the address field. This authorizes the installer to use Okta.

  10. Click the Next button to continue on to an Okta Sign In page.
  11. Sign into the service specific Okta account on the Sign In screen.
  12. Click the Allow Access button.
  13. Radius_7.jpg

  14. The confirmation screen appears. Click the Finish button to complete the installation.
    Info

    Note

    If during the agent installation you encounter Error code 12: Could not establish trust relationship for the SSL/TLS service channel, ensure that you are running the latest version of the agent as older agent versions do not support TLS 1.2.

  15. Configure a RADIUS app in Okta to configure the RADIUS agent port, shared secret, and advanced RADIUS settings .
    For more information about configuring the RADIUS App in your okta tenant please see RADIUS applications in Okta