Configure Fortinet Appliance to interoperate with Okta via RADIUS
This guide details how to configure a Fortinet appliance to use the Okta RADIUS Server Agent.
Topics
Before you begin
Before installing the Okta RADIUS Agent ensure that you have met these minimum requirements for network connectivity:
Source | Destination | Port/Protocol | Description |
---|---|---|---|
Okta RADIUS Agent | Okta Identity Cloud | TCP/443 HTTP |
Configuration and authentication traffic |
Client Gateway | Okta RADIUS Agent | UDP/1812 RADIUS (Default, may be changed in RADIUS app install and configuration) | RADIUS traffic between the gateway (client) and the RADIUS Agent (server) |
Supported factors
The following MFA Factors are supported:

When integrating with Okta RADIUS, the maximum supported number of enrolled factors is dependent on the size of resulting challenge message. Okta recommends that no more than eight ( 8 ) factor be enrolled at one time.
MFA Factor | Password Authentication Protocol PAP |
Extensible Authentication Protocol - Generic Token Card EAP-GTC |
Extensible Authentication Protocol - Tunneled Transport Layer Security EAP-TTLS |
---|---|---|---|
Okta Verify (TOTP and PUSH) | Supported | Supported | Supported - as long as challenge is avoided. For example: MFA-only or password, MFA for TOTP. Push can work with primary auth + MFA as the push challenge is sent out-of-band. |
Voice Call | Supported | Supported | Not supported |
SMS Authentication | Supported | Supported | Not supported |
Google Authenticator | Supported | Supported | Supported - as long as challenge is avoided. For example MFA only or password, MFA. |
Symantec VIP | Supported | Supported | Supported |
Security Question | Supported | Supported | Not supported |
Custom TOTP Authentication | Supported | Supported | Not supported |
Duo(Push, SMS and Passcode only) | Supported | Not supported | Not supported |
YubiKey | Supported | Supported | Supported |
Supported |
Supported |
Supported |
|
Supported |
Supported |
Not supported |

Note
The U2F Security and Windows Hello MFA factors are not compatible with RADIUS-enabled implementations.
For additional information about the Radius apps refer to Configuring RADIUS applications in Okta.
Typical workflow
Task |
Description |
---|---|
Download the RADIUS agent |
|
Install the Okta RADIUS Agent. | |
Configure application |
|
Configure gateway |
|
Configure optional settings |
|
Test |
Related topics
- Fortinet Document Library for FortiGate/FortiOS
- Fortinet remote group match and troubleshooting
- SAML vs RADIUS interoperability
- Installing the Okta RADIUS Agent under Windows or Linux.