Configure Fortinet Appliance to interoperate with Okta via RADIUS
This guide details how to configure a Fortinet appliance to use the Okta RADIUS Server Agent.
Topics
Before you begin
Before installing the Okta RADIUS Agent ensure that you have met these minimum requirements for network connectivity:
| Source | Destination | Port/Protocol | Description |
|---|---|---|---|
| Okta RADIUS Agent | Okta Identity Cloud | TCP/443 HTTP |
Configuration and authentication traffic |
| Client Gateway | Okta RADIUS Agent | UDP/1812 RADIUS (Default, may be changed in RADIUS app install and configuration) | RADIUS traffic between the gateway (client) and the RADIUS Agent (server) |
Supported factors
The following MFA Factors are supported:
| MFA Factor | Password Authentication Protocol PAP |
Extensible Authentication Protocol - Generic Token Card EAP-GTC |
Extensible Authentication Protocol - Tunneled Transport Layer Security EAP-TTLS |
|---|---|---|---|
| Okta Verify (TOTP and PUSH) | Supported | Supported | Supported - as long as challenge is avoided. For example: MFA-only or password, MFA for TOTP. Push can work with primary auth + MFA as the push challenge is sent out-of-band. |
| Voice Call | Supported | Supported | Not supported |
| SMS Authentication | Supported | Supported | Not supported |
| Google Authenticator | Supported | Supported | Supported - as long as challenge is avoided. For example MFA only or password, MFA. |
| Symantec VIP | Supported | Supported | Supported |
| Security Question | Supported | Supported | Not supported |
| Custom TOTP Authentication | Supported | Supported | Not supported |
| Duo(Push, SMS and Passcode only) | Supported | Supported | Supported (passcode, Push) |
| YubiKey | Supported | Supported | Supported |
|
Supported |
Supported |
Supported |
|
|
Supported |
Supported |
Not supported |
Note
The U2F Security and Windows Hello MFA factors are not compatible with RADIUS-enabled implementations.
For additional information about the Radius apps refer to Configuring RADIUS applications in Okta.
Typical workflow
|
Task |
Description |
|---|---|
| Download the RADIUS agent |
|
| Install the Okta RADIUS Agent. | |
| Configure application |
|
| Configure gateway |
|
| Configure optional settings |
|
| Test |
Related topics
- Fortinet Document Library for FortiGate/FortiOS
- Fortinet remote group match and troubleshooting
- SAML vs RADIUS interoperability
- Installing the Okta RADIUS Agent under Windows or Linux.