Configure the Cisco ASA VPN to Interoperate with Okta via RADIUS

This guide details how to configure Cisco ASA VPN to use the Okta RADIUS Server Agent.

Okta and Cisco ASA interoperate through RADIUS. For each Cisco ASA appliance, you can configure AAA Server groups which can be RADIUS, TACAS+, LDAP, etc. Using RADIUS, Okta’s agent translates RADIUS authentication requests from the VPN into Okta API calls.

The following best practice compares operating with SAML and RADIUS when both are available.

For a seamless end user experience and enhanced security and simplified architecture consider using SAML if you have AnyConnect versions greater than 4.4 and ASA versions greater than 9.7.1

Use this integration guide to configure an the Okta RADIUS Server Agent for older software versions or in cases where SAML authentication does not meet your requirements.

Note: The SAML app for Cisco ASA is named Cisco ASA VPN (SAML). To use it, add the app, click Sign On in the top menu, and then, click View Setup Instructions for installation instructions tailored to your organization.

There are six parts to the configuration. In addition to the required steps, you can configure optional settings. A list of additional resources is also provided.