Install Okta RADIUS agent on Linux
This document describes the process of installing the Okta RADIUS Agent on Linux operating systems.
The Okta RADIUS server agent delegates authentication to Okta using single-factor authentication (SFA) or multifactor authentication (MFA).
A RADIUS client sends the RADIUS agent the credentials (username and password) of a user requesting access to the client. Authentication then depends on your org's MFA settings.
- If MFA is disabled and the user credentials are valid, the user is authenticated.
- If MFA is enabled and the user credentials are valid, the user is prompted to select a second authentication factor. The user selects one, for example Google Authenticator or Okta Verify, and obtains a request for a validation code. If the code sent back to the client is correct, the user gains access.
- You must be able to sign in as root, or be able to execute root level commands using commands such as sudo.
- During installation you are prompted to enter your Okta URL, for example https://mycompany.okta.com, and you'll be required to authenticate as an admin. Have your Okta tenant URL and admin credentials available and ready for use.
- For more information about Okta RADIUS Agent Deployment, see Getting started with Okta RADIUS Integrations and RADIUS server best practices. For general information about Okta’s RADIUS Integrations, please see Okta RADIUS Integrations.
When installing the RADIUS Agent, you must be logged in to an account that either has both Read-only Admin, and App admin roles, or has the Super admin role.
In addition, Okta recommends the use of dedicated service account to authorize RADIUS agents. A dedicated account ensures that the API token used by the RADIUS agent is not tied to the life-cycle of a specific user account which could be deactivated when the user is deactivated. In addition, service accounts used for RADIUS agents must be given appropriate admin permissions.
- Proxy configurations must be configured directly in the agent configuration file.
- Installation on ARM64 infrastructures is not currently supported.
|Download the RADIUS agent||
|Configuring RADIUS apps||
To enable RADIUS authentication with Okta, you must install the Okta RADIUS server agent and configure one or more RADIUS applications in the Okta admin console. Admin console RADIUS applications allow Okta to distinguish between different RADIUS-enabled apps and support them concurrently. In addition, Okta RADIUS applications support policy creation and assignment of the application to groups.
For more information on configuring the RADIUS App see RADIUS applications in Okta.
|Installing the agent||Install the RADIUS Linux agent|
|Configure proxies||Configure proxies|
|Configure additional properties||Configure properties|
Restart the agent
|After any upgrade always stop and restart the RADIUS agent.
See restart in Manage the agent
|Manage the agent|
|Access and manage log files||Access and manage log files|
|Uninstall the agent||Uninstall the agent|