Manual Chapter :
Creating an Okta configuration for seamless access
Applies To:
Show Versions
BIG-IP APM
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
Creating an Okta configuration for seamless access
This task is completed in the Okta application. Okta
configuration information may differ or change; please refer to your Okta version's
documentation for the most up-to-date information.
Create an Okta configuration to enable the BIG-IP
to interact with Okta for seamless access use cases.
- On the Okta server, click , create a group, and add users to it.
- Click to enable Okta Verify.
- In the area, enable the multifactor One Time Passcode (OTP) method (for example,Google Authenticator).
- Create and add a multifactor policy for the group you have created. Click , then enable Okta Verify and the other OTP method.
- Add the ruleEnroll in multi-factor - the first time a user signs into the policy.
- Create the RADIUS application on the Okta server with the command .
- Configure thePortandSecret.
- Disable the optionOkta performs primary authentication.
- Assign the group you created as theApplication.
- Configure the Okta RADIUS Agent.
- Install the RADIUS agent on the Windows Server.
- Specify the Okta domain during the installation, and authorize the agent in the Okta configuration.
For more information see Okta RADIUS Server Agent Deployment Best Practices. - Create an OAuth application and assign it to the group you created.
- Set up the Okta RADIUS agent, using the instructions here: https://help.okta.com/en/prod/Content/Topics/DeploymentGuides/Radius_Server_Agent/radius-server-agent-dg.htm
- Install the agent on a Windows server.
- Specify the Okta doman during the installation.
- Authorize the agent in the Okta configuration.
- Add the scopepreferred_usernameto the Okta authentication server, for use later.
The Okta configuration is now configured to work
with a seamless access configuration on the BIG-IP.
Assign the Okta application to users.
