Getting started with Okta RADIUS Integrations
Okta provides the ability for organizations to use Okta to manage authorization and access to on-premises applications and resources using the RADIUS protocol. Okta provides a RADIUS Server Agent that organizations can deploy to delegate authentication to Okta. Admins can configure sign-on policies to RADIUS-protected applications just as they would any other application in the Okta Integration Network. Okta has created guides and OIN apps for several commonly-used RADIUS integrations. For all other RADIUS-enabled applications, Admins can use the Okta [generic] RADIUS application.
About the Okta RADIUS Agent and Applications
The Okta RADIUS Server agent:
- Is a lightweight program that runs as a system service.
- Tunnels communication between on-premises services and Okta's cloud service.
- Delegates authentication to Okta using single-factor authentication (SFA) or multi-factor authentication (MFA).
- Supports the Password Authentication Protocol (PAP).
- Supports UDP, defaulting to port 1812, and can use multiple ports simultaneously.
The Okta RADIUS server agent can be installed on Windows servers.
Configuring Integrations typically requires several steps. Each agent has specific instructions.
- Configure Factor enrollment
Most RADIUS applications support multifactor authentication. Individual applications support different factor sets. If you have not done so already, enable multifactor authentication for your users:
Log in to your Okta tenant as an administrator.
Navigate to Security > Multifactor.
Add an additional step to configure multifactor policies. For complete details, see Multifactor Authentication.
- Create an application
- Install and configure the RADIUS agent.
Okta RADIUS support can distinguish between different RADIUS-enabled apps and support them concurrently by setting up an Okta RADIUS app for each configuration. Additionally, the Okta RADIUS application supports policy creation and assignment of the application to groups.
RADIUS-enabled apps are easy to manage, as Admins can manage all of these apps and infrastructure configurations from the Okta Admin Console.