Install the On-Prem MFA Agent

The On-Prem MFA Agent supports proxy configuration with your RADIUS-enabled on-prem MFA server, including RSA Authentication Manager for RSA SecurIDs.

Before you begin

Ensure that you have the common UDP port and secret key values available and that the Okta RADIUS agent port 1812 is open.

Install the agent

Complete these tasks to install the On-Prem MFA Agent.

Determine the instance ID

The On-Prem MFA Agent installer requires an instance identifier.

  1. Sign in to your Okta org as an admin.
  2. Select Security > Authenticators.
  3. Select Actions > Edit for either the On-Prem MFA or RSA SecurID authenticators. Select the same authenticator that you used in Add and configure On-Prem MFA/RSA SecurID.
  4. Click Add new Agent.
  5. Copy the instance ID.

Run the installer

  1. Go to the directory where you saved the On-Prem MFA Agent installer. Run the installer as an administrator.
  2. Click Next.
  3. Click Next on the Important Information and License Information pages.
  4. Accept the default installation folder or browse to a different folder and then click Install. If you use a proxy server, note the installation path. You need it to enable proxies.
  5. Enter the instance ID on the Okta On-Prem Agent Configuration page. You can find this value in the app's Settings page in your Okta org.
  6. In the Register Okta On-Prem MFA Agent dialog, enter the fully qualified URL for your org.
  7. Click Next.
  8. If you use a proxy server, modify the settings to include a proxy.
    1. Open a File Explorer window.
    2. Find the config.properties file, for example <AGENT_INSTALL_PATH>\current\user\config\rsa-securid\config.properties.
    3. Open the file in a text editor.
    4. Add proxy configuration key-value pairs to the end of the file. If all the properties are on a single line, add the key-value pairs below them. A proxy includes the following key-value pairs:
      proxyAddress = http://<ipaddress:[port]>
      proxyUsername = <username>
      proxyPassword = <password of proxyUsername>
    5. Save the file.
    6. Open Internet Options.
    7. Click Connections.
    8. Click LAN.
    9. Click Proxy.
    10. Enter the proxy settings.
    11. Click Save on each dialog until the Internet Options dialog appears.
    12. Close Internet Options.
  9. Optional. Extend the timeout period for the client session. You may need to increase the default value in situations where you use push.
    1. Open the config.properties file in a text editor.
    2. Edit the radiusSocketTimeoutMs field to a value between one and 30000 milliseconds. If the parameter is missing, add it at the bottom of the file.
  10. Sign in to Okta with super admin, app admin, or API access management admin privileges. See OpenID Connect end-to-end scenario.
  11. Click Allow Access.
  12. Bring the installer to the front and wait for the installation to finish.
  13. The Installation Completed page appears.
  14. Click Finish.
  15. Restart Windows to complete the installation.

Specify proxies for existing agents

  1. Open the C:\Program Files (x86)\....\Okta On-Prem MFA Agent\current\user\config\rsa-securid\config.properties file in a text editor.
  2. Add your proxy configurations to the bottom of this file. Example keys are proxyAddress, proxyUsername, or proxyPassword. If all the properties are on a single line, add the proxy settings below them.
  3. Save this file and run the installer for the On-Prem MFA Agent.
  4. When the installation completes, a success message appears.

Troubleshoot installation and upgrade issues

Follow these steps if you encounter issues while installing or upgrading the On-Prem MFA Agent.

New installation

If you encounter an error during installation, verify your proxy settings. You can also retry the installation using the sslPinningEnabled = false setting. Only use this option if you have previous experience using it.

Upgrade (proxy only)

If you entered proxy properties that are inaccurate, the installer may appear to succeed, but the On-Prem MFA Agent eventually fails. To verify these properties, examine the last connected timestamp on your list of agents in the Admin Dashboard.
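
Because inaccurate proxy properties can pass the installer unnoticed, it helps to lint config.properties right after editing it. The following is an added example, not Okta's code: the key names come from this page, while the function name Test-AgentConfig, the sample values, and the wording of the findings are assumptions.

```powershell
# Added example, not Okta's code. Key names are from this page; sample values are constructed.
function Test-AgentConfig {
    param([Parameter(Mandatory)][string]$Text)
    $findings = [System.Collections.Generic.List[string]]::new()
    $props = @{}
    # Split on CRLF or bare LF so a file that an editor shows as a single
    # line is still read one property per line.
    foreach ($raw in ($Text -split "\r?\n")) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith('#')) { continue }
        $key, $value = $line -split '\s*=\s*', 2
        if ($null -eq $value) { $findings.Add("Not a key = value line: $line"); continue }
        if ($props.ContainsKey($key)) { $findings.Add("Duplicate key: $key") }
        $props[$key] = $value
    }
    # proxyAddress must follow the documented form http://<ipaddress:[port]>.
    if ($props.ContainsKey('proxyAddress')) {
        if ($props['proxyAddress'] -notmatch '^http://[^\s/:]+(:\d{1,5})?/?$') {
            $findings.Add('proxyAddress is not in the form http://<ipaddress:[port]>')
        }
    } elseif ($props.ContainsKey('proxyUsername') -or $props.ContainsKey('proxyPassword')) {
        $findings.Add('Proxy credentials are set but proxyAddress is missing')
    }
    # The password is typed into this file, so read access to the file matters.
    if ($props.ContainsKey('proxyPassword')) {
        $findings.Add('proxyPassword is present: confirm the file ACL limits who can read it')
    }
    # The documented range for radiusSocketTimeoutMs is 1 to 30000 milliseconds.
    if ($props.ContainsKey('radiusSocketTimeoutMs')) {
        $ms = 0
        $isInt = [int]::TryParse($props['radiusSocketTimeoutMs'], [ref]$ms)
        if (-not $isInt -or $ms -lt 1 -or $ms -gt 30000) {
            $findings.Add('radiusSocketTimeoutMs is outside 1-30000 ms')
        }
    }
    # sslPinningEnabled = false is offered only for retrying a failed installation.
    if ($props['sslPinningEnabled'] -eq 'false') {
        $findings.Add('sslPinningEnabled = false is still set: review whether it is still needed')
    }
    return $findings
}

# Constructed sample: LF-only line endings, a proxy address without a scheme,
# an out-of-range timeout, and pinning left disabled.
$sample = "radiusSocketTimeoutMs = 45000`nproxyAddress = 10.0.0.5:8080`n" +
          "proxyUsername = svc-proxy`nproxyPassword = example-only`nsslPinningEnabled = false"
Test-AgentConfig -Text $sample | ForEach-Object { "FINDING: $_" }
# For a real file: Test-AgentConfig -Text (Get-Content -Raw -Path <path to config.properties>)
```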