Install the Agent
During this task we will install the On-Prem MFA agent.
The On-Prem MFA agent (v 1.3.3 or later) supports proxy configuration with your RADIUS enabled on-prem MFA server, including RSA Authentication manager for RSA SecurIDs.
Installs not requiring proxy support can ignore the steps marked [proxy-only].
Before you begin
- Ensure that you have the common UDP port and secret key values available and that the Okta RADIUS agent port 1812 is open.
Determine instance ID
The On-Prem MFA agent installer requires an instance identifier.
- In a browser, Navigate to your Okta Org and Login as an Administrator.
- Select Security > Authenticators.
- For either of On-Prem MFA or RSA SecurID authenticators used in the Add and configure On-Prem MFA/RSA SecurID, select Actions > Edit.
- Click Add new Agent.
- Copy the provided instance ID.
Execute the installer
- Navigate to the directory where the On-Prem MFA agent installer was downloaded and execute the installer as administrator.
- On the initial screen click Next.
- Click Next through the "Important Information" and "License Information" screens.
- Accept the default installation folder or browse to a different folder and then click Install.
The install will begin.
Proxy-only: Take note of the installation path, which will be used to enable proxies later in this install.
- On the Okta On-Prem Agent Configuration screen, enter your Instance ID.
Instance ID can be found in the in the apps Settings page in your Okta org.
See The Custom Option in Enabling the Agent .
- In the Register Okta On-Prem MFA Agent dialog enter the fully qualified URL for your org:
For example: https://mycompany.oktapreview.com.
Then click Next.
- Proxy - only - Modify settings to include a proxy.
- Leave the Okta Sign In page without signing in and open a File Explorer window.
- From File Explorer, locate and navigate to your config.properties file '
For example: <AGENT_INSTALL_PATH>\current\user\config\rsa-securid\config.properties
- Open the file in your favorite text editor.
- At the bottom of the file add proxy configuration key/value pairs.
Proxy includes the following key/value pairs:
proxyAddress = <ipaddress:[port]>
proxyUsername = <username>
proxyPassword = <password of proxyUsername>
- Save the file.
- Return to the installer.
Example configuration for a proxy with protocol: http, host: 127.0.0.1 , and port: 3128.
Note: If all the properties occur on a single line, add proxy settings beneath it.
- On the Sign In screen sign in to Okta.
- Click the Allow Access button.
- Bring the installer to the front to view completion of the install.
- The Installation Completed screen appears. If not, see Troubleshooting below.
- Click the Finish button to complete the installation.
To complete the installation, Windows must be restarted. Click, Yes, restart Windows now (recommended) to restart Windows immediately.
- From your File Explorer navigate to your existing installation folder.
- Open the file with your favorite text editor at C:\Program Files (x86)\....\Okta On-Prem MFA Agent\ current\user\config\rsa-securid\config.properties.
- Add your proxy configurations to the bottom of this file. Example keys are proxyAddress, proxyUsername, or proxyPassword.
The following is a simple configuration for a proxy with a http protocol host of 127.0.0.1 and a port of 3128.
Note: If all the properties occur on a single line, simply add your proxy settings beneath it.
- Save this file and run the installer for MFA-Agent.
- When the installation completes, an installation completed message appears. If not, see Troubleshooting below.
If your installation was not successful:
Confirm your proxy settings OR
Retry using sslPinningEnabled = false (Warning: only use this option if you are confident in how this works).
Upgrade - proxy only
If you enter proxy properties that are inaccurate, the installer may appear to succeed, but the agent will eventually fail. To verify these properties, examine the last connected timestamp on your list of agents in the Okta Administrator Dashboard.