Add and configure On-Prem MFA/RSA SecurID

Before installing the agent, you must configure:

  • MFA authenticators
  • RSA SecurID or On-Prem MFA

Configure authenticators

  1. Sign in to your Okta tenant as an administrator.
  2. In the Admin Console, go to SecurityAuthenticators.
  3. Choose RSA SecurID or On-Prem MFA.
  4. Some authenticators have additional configuration options that you can configure from the list of added authenticators by clicking ActionsEdit.

Configure On-prem MFA

  1. Enter the following fields:
    • Provider name: This is the name that appears to end users during their login challenge.
    • Username format: Select the format expected by the provider.
    • Hostname: The server host name or IP address of the RSA server.
    • Authentication Port: The RADIUS server port (for example 1812).
      This is defined when the On-Prem RADIUS server is configured.
    • Shared Secret: An authentication key that must be defined when the RADIUS server is configured, and must be the same on both the RADIUS client and server.
  2. Click Add.
  3. Click Add New Agent.
    Note the value of the instance ID.
    You're also provided a download link for the on-prem MFA agent installer.
  4. Activate or Deactivate the authenticator as required.
  5. Click Save.

Configure RSA SecurID

  1. Enter the following fields:
    • Username format: Select the format expected by the provider.
    • Hostname: The server host name or IP address.
    • Authentication Port: The RADIUS server port (for example, 1812). This is defined when the On-Prem RADIUS server is configured.
    • Shared Secret: An authentication key that must be defined when the RADIUS server is configured, and must be the same on both the RADIUS client and server.
  2. Click Add New Agent. Note the value of the instance ID. You're also provided a download link for the agent installer.
  3. Activate or Deactivate as required.
  4. Click Save.

Next steps

Disable SSL Pinning