Autopush for RADIUS

Okta's Autopush for RADIUS allows you to use the high assurance, low friction Okta Verify with Push feature when it is not possible for an end user to opt-in. The Okta Verify with Push experience has been popular with Admins for its high security implementation. The option for an end user to opt in for an automatic push has also increased end-user satisfaction by removing additional friction; specifically, the extra click to request the push. However, in some use cases, the end user cannot opt in, as this behavior is stored in a browser cookie. To bridge this gap, Okta's Autopush for RADIUS feature permits an admin to configure the behavior without requiring an enduser opt in.

Autopush for RADIUS is compatible with the following:

  • Okta VPN integrations supported by RADIUS
  • Okta's Generic RADIUS app

Topics

Prepare

Before you begin, complete the following:

  1. Implement either an Okta VPN (using RADIUS) or the Okta Generic RADIUS App in your Okta Preview test environment. See RADIUS Integrations for a complete list of integrations.

  2. Configure an app-based sign on policy for the application to require MFA on authentication.
  3. Enable Okta Verify with Push for your Okta preview test environment.
  4. Assign a test user to the configured app and enroll the test user in Okta Verify.

Configure advanced authentication settings

To enable RADIUS Autopush:

  1. In Okta, navigate to Applications > Applications.
  2. Open the target application by clicking its name.
  3. Select the Sign on tab.
  4. Scroll down to Advanced RADIUS Settings and click Edit.
  5. Check the boxes for both of the following items, as shown below.
    • Accept password and security token in the same login request
    • Permit Automatic Push for Okta Verify Enrolled Users

    Note: The first setting is required for autopush. It permits access with alternate MFA if a user has misplaced their device or otherwise lacks access to acknowledge the push.

  6. Click Save.

Test

Test the integration by performing an authentication with your test user against the configured RADIUS App or RADIUS enabled VPN. No other testing is necessary.