Getting started with Okta RADIUS Integrations

Okta provides the ability for organizations to use Okta to manage authorization and access to on-premises applications and resources using the RADIUS protocol. Okta provides a RADIUS Server Agent that organizations can deploy to delegate authentication to Okta. Admins can configure sign-on policies to RADIUS-protected applications just as they would any other application in the Okta Integration Network. Okta has created guides and OIN apps for several commonly-used RADIUS integrations. For all other RADIUS-enabled applications, Admins can use the Okta [generic] RADIUS application.

About the Okta RADIUS Agent and Applications.

The Okta RADIUS Server agent:

  • Is a lightweight program that runs as a system service.
  • Tunnels communication between on-premises services and Okta's cloud service
  • Delegates authentication to Okta using single-factor authentication (SFA) or multi-factor authentication (MFA).
  • Supports the Password Authentication Protocol (PAP).
  • Supports EAP Tunneled Transport Layer Security (EAP-TTLS).
    Currently the Cisco Meraki and Cisco ASA RADIUS apps support configuration for EAP-TTLS.
  • Supports UDP, defaulting to port 1812, using multiple ports simultaneously.

The Okta RADIUS server agent can be installed on Windows and Linux servers.

For more information see:

Configuring Integrations typically requires several steps. Each agent has specific instructions.
In general:

  1. Configure Factor enrollment
    Most RADIUS applications support multifactor authentication. Individual application support different factor sets. If you have not done so already, enable multifactor authentication for your users:

    1. Login to your Okta tenant as administrator.

    2. Navigate to Security > Multifactor.

    3. Add additional step to configure multifactor policies. For complete details see, Multifactor Authentication

  2. Create an application
  3. Install and configure the RADIUS agent.

Okta RADIUS support can distinguish between different RADIUS-enabled apps and support them concurrently by setting up an Okta RADIUS app for each configuration. Additionally, the Okta RADIUS application supports policy creation and assignment of the application to groups.

RADIUS-enabled apps are easy to manage, as Admins can manage all of these apps and infrastructure configurations from the Okta Admin Console.

For more information see: