Configure the Sophos UTM gateway
During this task you configure Sophos UTM to use the Sophos UTM RADIUS OIN app, so that the UTM sends user authentication requests to the Okta RADIUS Server Agent over RADIUS.
There are four parts to this configuration:
- Enable automatic user creation
- Configure a New Authentication Server
- Create a RADIUS Backend Group
- Allow group access to resources
Before you begin
- Ensure that you have the common UDP port and shared secret values available (the values set when you configured the Okta RADIUS app in Part 2, step 3, above). The UTM and the Okta RADIUS app must use exactly the same port and secret.
- Sign in to the Sophos UTM Web Admin console with sufficient privileges.
Enable automatic user creation
- In the Sophos UTM Web Admin console, navigate to Definitions & Users > Authentication Services, and select the Global Settings tab.
- Check Create users automatically. With this setting enabled, a user who authenticates successfully against the RADIUS backend is created as a local user object on the UTM.
- Under Automatic User Creation for Facilities, check the facilities appropriate for your environment.
Recommendation: Select Client Authentication and End-User Portal.
Configure a new authentication server
- In the Sophos UTM Web Admin console, navigate to Definitions & Users > Authentication Services, and select the Servers tab.
- Click the New Authentication Server... button.
- Enter the following information:
- Backend: RADIUS
- Position: Top
- Name: A unique and descriptive name; for example, OktaMFA
- Type: Host
- IPv4 address: IP address of the host running the Okta RADIUS Server Agent
- Interface: The UTM interface from which the agent host is reachable
- Port: The UDP port defined when you configured the Okta RADIUS app (Part 2, step 3, above); for example, 1815. The port must be open from the UTM to the agent host on any firewall in between. RADIUS runs over UDP, so a blocked port shows up as an authentication timeout rather than a connection error.
- Shared Secret: The secret key defined in Part 2, step 3, above. It must match the Okta app's secret exactly; a mismatch typically surfaces as failed or timed-out logins rather than as a clear error message.
- Authentication timeout (sec): 60. Keep this value generous: with Okta MFA the user may need to approve a push notification or enter a code before the agent answers, and a short timeout causes the UTM to give up first.
- When done, click Save.
Create a RADIUS backend group
- In the Sophos UTM Web Admin console, navigate to Definitions & Users > Users & Groups, and select the Groups tab.
- Click New Group....
- Enter the following information in the Add Group section:
- Group Name: A unique and descriptive name, such as Okta RADIUS Users
- Group Type: Backend Membership
- Backend: RADIUS
- Click Save to save the settings.
Allow group access to resources
- In the Sophos UTM Web Admin console, navigate to Remote Access, and select the desired connection method.
- Click New HTML5 VPN Portal Connection..., or use an existing connection.
- Add the RADIUS backend group you created in the previous part to the Users and Groups or Allowed Users (Userportal) list. Only users who authenticate through the Okta RADIUS backend, and therefore fall into this group, are granted access to the connection.
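Before handing the connection to users, it is worth confirming the UDP port and shared secret independently of the Web Admin console. The following is an added example and not code from the Okta or Sophos documentation: a minimal RFC 2865 RADIUS client in Python that builds an Access-Request with the User-Password obfuscation the protocol uses, sends it to the Okta RADIUS Server Agent, and checks the Response Authenticator on the reply, which is exactly the check that fails when the secret on the UTM does not match the one on the Okta app. The host, port, secret and credentials in the block are placeholders, and the NAS-Identifier value is an assumption made for the example.

```python
# Added example (not part of the Okta/Sophos documentation): a minimal RFC 2865
# RADIUS client to verify the port and shared secret configured for the
# Okta RADIUS Server Agent. Host, port, secret and credentials are placeholders.
import hashlib
import hmac
import os
import socket
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IDENTIFIER = 1, 2, 32


def encrypt_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to a 16-byte multiple, then XOR each block with
    MD5(secret + previous ciphertext block), seeded with the Request Authenticator."""
    if not 0 < len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = bytearray(), authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += block
        prev = block
    return bytes(out)


def decrypt_password(encrypted: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of encrypt_password (what the agent does with its copy of the secret).
    With the wrong secret the result is garbage, which is why a mismatch looks
    like a bad password rather than a configuration error."""
    out, prev = bytearray(), authenticator
    for i in range(0, len(encrypted), 16):
        block = encrypted[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(block, key))
        prev = block
    return bytes(out).rstrip(b"\x00")


def attribute(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value encoding; Length includes the 2-byte header."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(ident: int, username: str, password: str, secret: bytes,
                         authenticator: bytes = None, nas_id: bytes = b"sophos-utm") -> bytes:
    """Code(1) | Identifier(1) | Length(2) | Request Authenticator(16) | attributes."""
    authenticator = authenticator or os.urandom(16)  # fresh random RA per request
    attrs = (attribute(ATTR_USER_NAME, username.encode())
             + attribute(ATTR_USER_PASSWORD, encrypt_password(password.encode(), secret, authenticator))
             + attribute(ATTR_NAS_IDENTIFIER, nas_id))  # assumed identifier for the UTM
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs


def response_is_authentic(response: bytes, request_authenticator: bytes, secret: bytes) -> bool:
    """RFC 2865 section 3: Response Authenticator =
    MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
    A wrong shared secret on either side makes this check fail."""
    if len(response) < 20:
        return False
    if struct.unpack("!H", response[2:4])[0] != len(response):
        return False
    expected = hashlib.md5(response[:4] + request_authenticator + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


def build_response(code: int, ident: int, request_authenticator: bytes, secret: bytes,
                   attrs: bytes = b"") -> bytes:
    """Server-side construction of a reply; used to exercise the check offline."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_authenticator + attrs + secret).digest()
    return header + auth + attrs


def probe(host: str, port: int, username: str, password: str, secret: bytes,
          timeout: float = 60.0) -> str:
    """Send one Access-Request and classify the outcome. The 60 s default mirrors the
    UTM's authentication timeout; an Okta push approval happens inside this window."""
    ident = os.urandom(1)[0]
    request = build_access_request(ident, username, password, secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (host, port))
        try:
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "timeout: port blocked, wrong host, or request silently dropped"
    if reply[1] != ident or not response_is_authentic(reply, request[4:20], secret):
        return "reply failed the Response Authenticator check: shared secret mismatch?"
    return {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject",
            ACCESS_CHALLENGE: "challenge"}.get(reply[0], f"unexpected code {reply[0]}")


if __name__ == "__main__":
    # Placeholder values; use the agent host, UDP port and secret from the Okta app.
    print(probe("192.0.2.10", 1815, "alice@example.com", "Password1", b"change-me"))
```

Run the probe from a host on the same network path as the UTM, so that a firewall between the UTM and the agent shows up as a timeout here too. An "accept" confirms port, secret and the user's credentials end to end; a "reject" with a valid Response Authenticator means the secret is right and only the credentials or MFA step failed, which is the distinction the UTM's own logs do not make obvious.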