Add and configure On-Prem MFA/RSA SecurID
Before installing the agent, you must configure:
- MFA authenticators
- RSA SecurID or On-Prem MFA
Configure authenticators
- In a browser, navigate to your Okta Org and sign in as an Administrator.
- Click Security > Authenticators.
- From the Add Authenticator dialog, select either RSA SecurID or On-Prem MFA.
Once added, some Authenticators may be further configured from the list of added Authenticators by clicking Actions > Edit.
See also About MFA authenticators.
Configure On-prem MFA
- Enter the following fields:
- Provider name: This is the name that appears to end users during their login challenge.
- Username format: Select the format expected by the provider.
- Hostname: The server host name or IP address of the RSA server.
- Authentication Port: The RADIUS server port (for example 1812).
This is defined when the On-Prem RADIUS server is configured. - Shared Secret: An authentication key that must be defined when the RADIUS server is configured, and must be the same on both the RADIUS client and server.
- Click Add.
- Click Add New Agent.
Note the value of the instance ID.
You're also provided a download link for the on-prem MFA agent installer. - Activate or Deactivate the authenticator as required.
- Click Save.
Configure RSA SecurID
- Enter the following fields:
- Username format: Select the format expected by the provider.
- Hostname: The server host name or IP address.
- Authentication Port: The RADIUS server port (for example 1812).
This is defined when the On-Prem RADIUS server is configured. - Shared Secret: An authentication key that must be defined when the RADIUS server is configured, and must be the same on both the RADIUS client and server.
- Username format: Select the format expected by the provider.
- Click Add New Agent.
Note the value of the instance ID.
You're also provided a download link for the agent installer. - Activate or Deactivate as required.
- Click Save.