Autopush for RADIUS
Okta's Autopush for RADIUS allows you to use the high assurance, low friction Okta Verify with Push feature when it is not possible for an end user to opt-in. The Okta Verify with Push experience has been popular with Admins for its high security implementation. The option for an end user to opt in for an automatic push has also increased end-user satisfaction by removing additional friction; specifically, the extra click to request the push. However, in some use cases, the end user cannot opt in, as this behavior is stored in a browser cookie. To bridge this gap, Okta's Autopush for RADIUS feature permits an adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. to configure the behavior without requiring an enduser opt in.
Autopush for RADIUS is compatible with the following:
- Okta VPN integrations supported by RADIUS
- Okta's Generic RADIUS appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in.
Step-by-step Configuration Guide
There are seven parts to the configuration, including prerequisites and testing. Answers to frequently asked questions are also provided.
Before you begin, you must complete the following four steps.
Implement either an Okta VPN (using RADIUS) or the Okta Generic RADIUS App in your Okta Preview test environment.
- Configure an app-based sign on policy for the application to require MFA on authentication.
- Enable Okta Verify with Push for your Okta preview test environment.
- Assign a test user to the configured app and enroll the test user in Okta Verify.
Complete the following steps to enable RADIUS Autopush,
In the Sign on tab for the app you created, scroll down to Advanced RADIUS Settings and click Edit.
- Check the boxes for both of the following items, as shown below.
- Accept password and security token in the same login request
- Permit Automatic Push for Okta Verify Enrolled UsersIn Okta literature, we generally refer to "users" as the people who serve as Okta administrators. When we refer to "end users" we are generally referring to the people who the administrators serve. That is, those who use Okta chiclets to access their apps, but have no administrative control.
Note: The first setting is required for autopush. It permits access with alternate MFA if a user has misplaced their device or otherwise lacks access to acknowledge the push.
- Click Save.
Test the integration by performing an authentication with your test user against the configured RADIUS App or RADIUS enabled VPN. No other testing is necessary.