Manual Chapter : Configuring the Okta site for Okta Factors API

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 16.0.1, 16.0.0
Manual Chapter

Configuring the Okta site for Okta Factors API

You perform this task from the Okta administrator console.
Okta configuration information may differ or change; refer to the Okta documentation site (
help.okta.com
) for the most up-to-date information.
Configure Okta to enable APM policies to interact with Okta Factors API to implement second factor authentication and perform user authentication.
  1. Log in to the Okta admin console, and note the name of the Okta domain shown in the top right corner of the dashboard.
    The Okta domain name is required when configuring the Okta Connector on the BIG-IP system.
  2. Create a token to authenticate with the Okta API: navigate to
    Security
    API
    and click the
    Create Token
    button.
    The token content is only visible during the creation process. You might want to capture a screen shot of it for future reference, and put it in a secure location. You need to specify it when creating the Okta Connector.
  3. Click
    Security
    Multifactor
    Factor Types
    and activate the factor types you want to use.
    F5 supports Okta Verify (Push and TOTP) and Yubikey. The factor types that you activate are the ones that can be enabled for end users, depending on factor enrollment policies. If users enroll themselves when logging in to the application or webtop secured by Okta, they can enroll only in one factor on APM. If you enroll them in more than one type that is supported by F5, the user has a choice of how to verify when they log in.
  4. Click
    Directory
    People
    and add the end users to whom you want to provide access.
  5. Click
    Directory
    Groups
    , create a group, and add users to it.
  6. Create and add a multifactor policy for the group: Click
    Security
    Multifactor
    Factor Enrollment
    Add Multifactor policy
    .
    In the policy, you need to create a rule that prompts a new user to enroll in a factor the first time they sign in to their organization.
  7. Add the applications that will use Okta MFA.
  8. If end-users are authenticating with Yubikeys, you need to program the Yubikeys for Okta. Refer to
    Programming Yubikeys for Okta Adaptive Multi-factor Authentication
    in the Yubico documentation.
  9. Complete any additional Okta configuration necessary for your installation.
Okta is now basically configured to work with APM using API.