Manual Chapter : Creating an Okta configuration for seamless access

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
Manual Chapter

Creating an Okta configuration for seamless access

This task is completed in the Okta application. Okta configuration information may differ or change; please refer to your Okta version's documentation for the most up-to-date information.
Create an Okta configuration to enable the BIG-IP to interact with Okta for seamless access use cases.
  1. On the Okta server, click
    Directory
    Groups
    , create a group, and add users to it.
  2. Click
    Security
    Multifactor
    Okta Verify
    to enable Okta Verify.
  3. In the
    Security
    Multifactor
    area, enable the multifactor One Time Passcode (OTP) method (for example,
    Google Authenticator
    ).
  4. Create and add a multifactor policy for the group you have created. Click
    Security
    Multifactor
    Factor Enrollment
    Add Multifactor policy
    , then enable Okta Verify and the other OTP method.
  5. Add the rule
    Enroll in multi-factor - the first time a user signs in
    to the policy.
  6. Create the RADIUS application on the Okta server with the command
    Applications
    Create Application
    RADIUS Application
    .
  7. Configure the
    Port
    and
    Secret
    .
  8. Disable the option
    Okta performs primary authentication
    .
  9. Assign the group you created as the
    Application
    .
  10. Configure the Okta RADIUS Agent.
    1. Install the RADIUS agent on the Windows Server.
    2. Specify the Okta domain during the installation, and authorize the agent in the Okta configuration.
  11. Create an OAuth application and assign it to the group you created.
    1. Install the agent on a Windows server.
    2. Specify the Okta doman during the installation.
    3. Authorize the agent in the Okta configuration.
  12. Add the scope
    preferred_username
    to the Okta authentication server, for use later.
The Okta configuration is now configured to work with a seamless access configuration on the BIG-IP.
Assign the Okta application to users.