Install the RADIUS LINUX agent

During this task you will:

  1. Prepare the environment
    1. Download the RPM installer as noted in the Install the RADIUS LINUX agent section.
    2. If using an Amazon Elastic Compute Cloud (commonly referred to as Amazon EC2) ensure you have all required keys and upload the RPM into the environment.
  2. Validate the download

    Check the Downloads page to see this agent's file size and SHA-512 hash. You can use the file size and hash to verify the integrity of the files.

    1. In the Admin Console, go to Settings > Downloads.
    2. Select the Download link next to the RADIUS installer (rpm or deb).
    3. Use one of the following commands to generate the hash on your local machine. Note that you should replace setup with the file path to your downloaded agent.
      • Linuxsha512sum setup.rpm
      • MacOSshasum -a 512 setup.rpm
      • WindowsCertUtil -hashfile setup.exe SHA512
    4. Verify that the generated hash matches the hash on the Downloads page.
  3. Install the agent

    The following commands must be run as root.

    RADIUS port is exchanged with the RADIUS agent when the associated RADIUS application is configured. This exchange occurs in the background and no administrator intervention is required.

    1. Login to the computer which will run the agent and open a terminal window.
    2. Become root.

      $ su root
      password:<enter root password>
    3. Install the agent.
      1. Using rpm to install the agent run the command:
        rpm -Uvh OktaRadiusSetupRPM-{M.m.details}.rpm
        Where:
        • U - install or upgrade
        • v - execute in verbose mode.
        • h - Print hash marks, #, periodically while performing operation
        • M.m.details represents the most recent version of the agent RPM.
          For example: OktaRadiusSetupRPM-2.10.0.rpm
      2. Using debian apt to install the agent run the command: 
        apt install /${PATH_TO_INSTALLER_FILE}/OktaRadiusAgentSetup-{M.m.details}.debWhere:
        • M.m.details represents the most recent version of the agent DEB.
          For example: OktaRadiusAgentSetup-2.10.0.deb 
    4. The installer will execute and prompt you to enter the base URL for your Okta organization.
      For example: https://mycompany.okta.com
    5. The server will then prompt for proxy information.
      Enter Yes to enter a proxy or No for skip proxy configuration.
      Use proxy server (Choose 'No' to use direct connection) Yes/[No] :
      If Yes is selected, enter the hostname/port combination for the proxy server, along with optional Username and password as shown below.
      1. Enter proxy server address (host:port): [enter proxy server name/IP address and port ]
      2. Enter proxy server Username (optional): [enter optional username]
      3. Enter proxy server Password (optional): [enter optional password]
    6. The agent will then prompt you to authenticate with your Okta tenant.
      Copy the URL from the agent install window into a web browser.
      The URL will resemble:
      https://{yourorg.okta.com}/oauth2/auth?code={code}
    7. In the web browser, you’ll be prompted to authenticate to Okta and authorize the agent.
      Click Allow Access.

      Okta recommends authorizing the agent using a dedicated service account with Super Admin privileges. An API token will be generated for the agent. To learn more about API tokens see API token management.
      Refer to Install the RADIUS LINUX agent for more information.

    8. Return to the Linux terminal window where you should see a message stating the agent was successfully registered.
    9. Configure a RADIUS app in Okta to configure the RADIUS agent port, shared secret, and advanced RADIUS settings .
      For more information about configuring the RADIUS App in your okta tenant please see RADIUS applications in Okta

    After any upgrade Okta recommends that you always shutdown and restart the RADIUS agent.

  4. Troubleshoot
    •  


Next steps

Configure Proxies