Configure F5 BIG IP optional settings

F5 BIG IP supports two optional settings: Client IP Reporting and Groups response.

Topics

Before you begin

  • Ensure that you have the common UDP Port and Secret key values available

Configure Client IP Reporting

To configure Okta to be able to parse, report on and eventually enforce policy based off of the source client IP Address you need to configure the F5 BIG IP RADIUS for APM and VPN App in Okta as follows:

Enter the following settings in Advanced RADIUS Settings found on the Sign On tab for the Radius app in your Okta Admin Console

  • Client IP: Check Report client IP.
  • RADIUS End User IP Attributes: 66 Tunnel-Client-Endpoint

Configure Groups Response

F5 BIG-IP APM can use group information from Okta to make advanced assignment and policy decisions. To configure Okta to send Radius Group information to F5 BIG-IP APM

Enter the following settings in Advanced RADIUS Settings found on the Sign On tab for the Radius app in your Okta Admin Console, as shown below.

  • RADIUS Attribute: 25 Class
  • Group memberships to return Select Groups to Return
  • Response format: Repeating attributes

  • Group name format: ${group.name}