Install Okta RADIUS server agent on Linux

This document describes how to install the Okta RADIUS server agent on Linux operating systems.

The Okta RADIUS server agent delegates authentication to Okta using single-factor authentication (SFA) or multifactor authentication (MFA).

A RADIUS client sends the credentials of a user who's requesting access to the client to the RADIUS agent. Authentication requests are processed based on the org settings:

  • If MFA is disabled and the user credentials are valid, the user is authenticated.
  • If MFA is enabled and the user credentials are valid, the user is prompted to select a second authenticator. The user selects one and obtains a request for a validation code. If the code is correct, the user gains access.

For information about Okta RADIUS server agent deployment, see Getting started with Okta RADIUS Integrations and RADIUS server best practices. For information about Okta RADIUS integrations, see Okta RADIUS Integrations.

Supported operating systems

The Okta RADIUS server agent has been tested on the following Linux versions:

  • Red Hat Enterprise Linux release 8.0, 8.3
  • CentOS 7.6
  • Ubuntu 18.04.4, 20.04.1 LTS

Before you Begin

  • You must be able to sign in as root, or be able to execute root-level commands using commands like sudo.
  • Sign in to an account that has either of these role assignments when you install the Okta RADIUS server agent:
    • The read-only admin and app admin roles
    • The super admin role
  • Use a dedicated service account to authorize Okta RADIUS server agents.
  • Give appropriate admin permissions to service accounts used for Okta RADIUS server agents. See the Multifactor Authentication section in Standard administrator roles and permissions.
  • Do proxy configurations only in the agent configuration file.
  • Obtain your Okta org URL and admin credentials before installation. The installer prompts you for them.
  • Installation on ARM64 infrastructures isn't supported.

Typical workflow

Task

Description

Download the Okta RADIUS server agent See Install the RADIUS Linux server agent.
Enable RADIUS authentication with Okta Install the Okta RADIUS server agent and configure RADIUS apps in the Admin Console. These apps allow Okta to distinguish between different RADIUS-enabled apps and then support them concurrently. Okta RADIUS apps also let you create policies and assign apps to groups.

See RADIUS applications in Okta.

Install the agent Install the RADIUS Linux server agent
Configure proxies Configure proxies
Configure additional properties Configure properties

Restart the agent

After any upgrade, always stop and restart the Okta RADIUS server agent.
See restart in Manage the agent.
Manage the agent

Manage the agent

Access and manage log files Access and manage log files
Uninstall the agent Uninstall the agent