Okta On-Prem MFA agent (including RSA SecurID)
The Okta On-Prem MFA agent (formerly named the RSA SecurID agent) acts as a RADIUS client and communicates with your RADIUS enabled on-prem MFA server, including RSA Authentication manager for RSA SecurIDs. This allows your organization to leverage second factor challenges from a variety of on-premises multifactor authentication tools.
To sign in, end users must use an RSA hardware dongle device or soft token to generate an authentication code to sign into your org. The numbers are generated using a built-in clock and the card's factory-encoded random key. The Okta On-Prem MFA agent (formerly named the RSA SecurID agent) acts as a RADIUS client and will communicate with your RADIUS enabled on-prem MFA server, including RSA Authentication manager for RSA SecurIDs.
If you are currently using the RSA SecurID agent> (v. 1.1.0 or below), you should upgrade to the latest version of the On-Prem MFA agent at your earliest convenience. For the latest version and version history, see Okta On-Prem MFA Agent Version History.
Before setting up the On-Prem MFA agent within Okta, set up the RADIUS server settings for your secure OAuth vendor.
The Okta On-Prem MFA agent can be installed on the following:
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
|Download the agent||Download the Okta On-Prem MFA Agent from the Settings > Downloads page your in Okta org.
The agent is found in the MFA Plugins and Agents section.
|Add and configure On-Prem MFA/RSA SecurID||Before installing the agent, your must configure: Required MFA authenticators.|
|Disable SSL Pinning||For agents on a network containing a web security appliance, it might be necessary to disable SSL pining.|
|Install On-Prem MFA agent
||On-Prem MFA supports installing the agent supporting proxy or non-proxy agent install. Determine which is appropriate and then follow the instructions to install the agent.|
|Configure high availability||On-Prem MFA supports high availability by installing second and subsequent instances of the agent on additional Windows hosts.|
|Configure verbose logging||Optionally, for testing and debugging purposes configure verbose logging.|