Okta On-Prem MFA agent (formerly RSA SecurID)
The Okta On-Prem MFA agent (formerly named the RSA SecurID agent) acts as a RADIUS client. It communicates with your RADIUS-enabled on-premises MFA server, which includes RSA Authentication Manager for RSA SecurIDs. This allows your organization to use second factor challenges from various on-premises multifactor authentication tools.
To sign in, end users must use an RSA hardware dongle device or soft token to generate an authentication code to sign into your org. The numbers are generated using a built-in clock and the card's factory-encoded random key.
If you're currently using the RSA SecurID agent (v. 1.1.0 or below), you should upgrade to the latest version of the On-Prem MFA agent at your earliest convenience. See Okta On-Prem MFA Agent Version History.
Before you begin
Before you set up the On-Prem MFA agent in Okta, set up the RADIUS server settings for your secure OAuth vendor.
Supported operating systems
You can install the Okta On-Prem MFA agent on the following platforms:
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
Typical workflow
Task |
Description |
---|---|
Download the agent | Download the Okta On-Prem MFA Agent from the MFA Plugins and Agents section. | page in your Okta org. The agent is in the
Add and configure On-Prem MFA/RSA SecurID | Configure required MFA authenticators. |
Disable SSL Pinning | For agents on a network containing a web security appliance, it might be necessary to disable SSL pinning. |
Install On-Prem MFA agent | Install the On-Prem MFA agent. |
Configure high availability | Install the agent on more hosts for high availability purposes. |
Configure verbose logging | Optional. Use verbose logging for testing and debugging purposes. |