Applies To:Show Versions
- 16.0.1, 16.0.0
Configuring the Okta site for Okta Factors API
- Log in to the Okta admin console, and note the name of the Okta domain shown in the top right corner of the dashboard.The Okta domain name is required when configuring the Okta Connector on the BIG-IP system.
- Create a token to authenticate with the Okta API: navigate toand click theCreate Tokenbutton.The token content is only visible during the creation process. You might want to capture a screen shot of it for future reference, and put it in a secure location. You need to specify it when creating the Okta Connector.
- Clickand activate the factor types you want to use.F5 supports Okta Verify (Push and TOTP) and Yubikey. The factor types that you activate are the ones that can be enabled for end users, depending on factor enrollment policies. If users enroll themselves when logging in to the application or webtop secured by Okta, they can enroll only in one factor on APM. If you enroll them in more than one type that is supported by F5, the user has a choice of how to verify when they log in.
- Clickand add the end users to whom you want to provide access.
- Click, create a group, and add users to it.
- Create and add a multifactor policy for the group: Click.In the policy, you need to create a rule that prompts a new user to enroll in a factor the first time they sign in to their organization.
- Add the applications that will use Okta MFA.
- If end-users are authenticating with Yubikeys, you need to program the Yubikeys for Okta. Refer toProgramming Yubikeys for Okta Adaptive Multi-factor Authenticationin the Yubico documentation.
- Complete any additional Okta configuration necessary for your installation.