Configure the F5 BigIP APM to Interoperate with Okta via RADIUS

This guide details how to configure F5 BIG IP APM to use the Okta RADIUS Server AgentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations. in conjunction with the Okta Integration Network (OINAn acronym for the Okta Integration Network. The OIN is comprised of thousands of public, pre-integrated business and consumer applications. As an on-demand service, OIN integrations are continuously validated, always up to date, and constantly growing both in number and capability. Okta performs a single integration with an ISV or SP, providing thousands of end users with point-and-click customization for their orgs.) F5 BIG IP RADIUS for APM and VPN AppAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in..

Okta and F5 BIG IP APM interoperate through either RADIUS or SAMLAn acronym for Security Assertion Markup Language, SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution, and defines three roles: the end user, the IDP, and the SP. 2.0. For each F5 BIG IP APM, you can assign one or more authentication providers. Using RADIUS, Okta’s agent translates RADIUS authentication requests from the VPN into Okta API calls.

For integration with Okta via SAML 2.0, in Okta, add the app from the OIN by navigating to Applications > Applications> Add Application, search for F5 BIG IP RADIUS), and then click Add Application.

The following best practice compares operating with SAML and RADIUS when both are available.

There are five parts to the configuration, including optional settings. Troubleshooting help and a list of additional resources are also provided.

Top