Okta group membership information for authorization
You can configure Okta to provide different levels of authorization and access based on the groups to which users belong for a RADIUS-enabled service. Use the following procedure for each app to configure by group membership.
- Navigate to an application you would like to enable this feature for from the Applications page in the Okta Dashboard and select Sign On.
- On the sign-page for the app click Edit in the Advanced RADIUS Settings section towards the bottom of the page.
Steps 3-6 refer to the screen shown below.
- Select Include groups in RADIUS response.
- In the RADIUS attribute dropdown list, choose the attribute that you want Okta to pass this group information through to your specific app or infrastructure. Currently, the available choices are 11 Filter-ID, 25 Class, and 26 Vendor-Specific. These values are the most widely accepted attributes to pass group information through to most vendors. If you are unsure which to choose, consult your vendor's technical reference documentation or contact their technical team.
-
Specify the Okta groups that you want to include in the RADIUS response if a user belongs to them.
Note: This means that if a user belongs to four groups, but you only list two of the four in this field, Okta will only pass the two groups to your RADIUS-enabled app. Likewise, if your user doesn't belong to either of the two groups you listed in this field then Okta will not return any group for that specific user.
- Configure the Response Format and Group Name Format you want to use to pass this information to your RADIUS application or infrastructure. Like the RADIUS attribute, this can vary depending on your setup and the specific vendor's hardware. For help in configuring this setting, contact the vendor's technical support team.
After successfully completing this configuration, Okta passes group membership information to your RADIUS enabled app or system. You can now log into your app or infrastructure and configure its action based on these specific groups.