Install the RADIUS Linux agent

  1. Prepare the environment
    1. Download the RADIUS agent installer as noted in the Before you Begin section.
    2. If using an Amazon Elastic Compute Cloud (commonly referred to as Amazon EC2) ensure you have all required keys and upload the RPM into the environment.
  2. Validate the download

    Check the Downloads page to see this agent's file size and SHA-512 hash. You can use the file size and hash to verify the integrity of the files.

    1. In the Admin Console, go to SettingsDownloads.
    2. Select the Download link next to the RADIUS installer (rpm or deb).
      1. In the Admin Console, go to SettingsDownloads.
      2. Click Download Latest link next to the RADIUS installer that you want to download.
      3. Use one of the following commands to generate the hash on your local machine. Replace setup in the commands with the file path to your downloaded agent.
        • Linux: sha512sum setup.rpm
        • macOS: shasum -a 512 setup.rpm
        • Windows: CertUtil -hashfile setup.exe SHA512
      4. Verify that the generated hash matches the hash on the Downloads page.
  3. Install the agent

    The following commands must be run as root.

    RADIUS port is exchanged with the RADIUS agent when the associated RADIUS application is configured. This exchange occurs in the background and no administrator intervention is required.

    1. Login to the computer which will run the agent and open a terminal window.
    2. Become root.

      $ su root password:<enter root password>

    3. Install the agent using rpm or apt.
      1. Use rpm to install the agent:

        rpm -Uvh OktaRadiusSetupRPM-{M.m.details}.rpm

        Where:

        • U - install or upgrade
        • v - execute in verbose mode
        • h - Periodically print hash marks (#) while performing operation
        • M.m.details - represents the most recent version of the agent RPM (for example, OktaRadiusSetupRPM-2.10.0.rpm).
      2. Use debian apt to install the agent:

        apt install /${PATH_TO_INSTALLER_FILE}/OktaRadiusAgentSetup-{M.m.details}.deb

        Where:

        • M.m.details - represents the most recent version of the agent DEB (for example, OktaRadiusAgentSetup-2.10.0.deb).
    4. The installer prompts you to enter the base URL for your Okta organization (for example, https://mycompany.okta.com).
    5. The server prompts you for proxy information. Enter Yes to enter a proxy or No to skip proxy configuration. If you chose to enter a proxy, enter the hostname/port combination for the proxy server, and optionally a username and password.
    6. The agent prompts you to authenticate with your Okta tenant. Copy the URL from the agent install window and open the link in a web browser. The URL resembles the following:

      https://{yourorg.okta.com}/oauth2/auth?code={code}

    7. In the web browser, you're prompted to authenticate to Okta and authorize the agent. Click Allow Access.

      Okta recommends authorizing the agent using a dedicated service account with Super Admin privileges. An API token is generated for the agent.

      See Manage Okta API tokens to learn more about API tokens.

      See Before you Begin to learn more about service accounts.

    8. Return to the Linux terminal window where you should see a message stating the agent was successfully registered.
    9. Configure a RADIUS app in Okta to configure the RADIUS agent port, shared secret, and advanced RADIUS settings .
      For more information about configuring the RADIUS App in your okta tenant please see RADIUS applications in Okta

    After any upgrade Okta recommends that you always shutdown and restart the RADIUS agent.

Next steps

Configure proxies