Manual Chapter: Creating a virtual server for Okta API
Applies To:
- 16.0.1, 16.0.0
Creating a virtual server for Okta API
You create a virtual server to act as the traffic destination address. Then you associate both a per-session policy and a per-request policy (properly configured using Okta MFA) with the virtual server. Incoming requests are protected by two levels of authentication: first at login, and second by Okta MFA.
If you have already created a virtual server, simply open it to make sure that the fields required to implement MFA with Okta Factor API are set correctly.
- On the Main tab, click. The Virtual Server List screen opens.
- Click Create. The New Virtual Server screen opens.
- In the Name field, type a unique name for the virtual server.
- For the Destination Address/Mask setting, confirm that the Host button is selected, and type the IP address in CIDR format.
- In the Service Port field, type 443 or select HTTPS from the list.
- From the HTTP Profile (Client) list, select http.
- For the SSL Profile (Client) setting, from the Available list, select clientssl, and using the Move button, move the name to the Selected list.
- From the Source Address Translation list, select Auto Map.
- If you have several servers that host your backend applications, you may want to set up load balancing and create a pool. If you do, you should specify the Default Pool in the Resources section.
- In the Access Policy area, from Access Profile, select the access policy you created that performs the primary authentication.
- From Per-Request Policy, select the per-request policy you created for Okta API.
- Optional: Customize other settings as needed, or use the defaults.
The virtual server is created with the access policies and appropriate settings for Okta MFA.
You should send traffic to test the login process. Users log in with primary authentication; the first time, they are then asked to enroll in Okta MFA. (They can select only one factor here, but you can set up a second factor using Okta Admin.) The user can select from the Okta factors set up for them on the Okta Admin Console. Subsequent logins go straight to the configured option(s), where the user is authenticated by Okta MFA using Push, TOTP, or YubiKey.
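The check described above for an already-created virtual server (confirming that the fields required for MFA are set) can be scripted. The following Python function is an added example, not part of the F5 manual. It assumes the virtual server has been exported as JSON using iControl REST-style field names (`profilesReference`, `sourceAddressTranslation`, `perFlowRequestAccessPolicy`), and the object names and address in the sample are constructed.

```python
# Added example: audit an exported virtual server against this procedure.
# Field names are assumed to follow the iControl REST JSON shape; adjust
# them if your export differs.

def audit_okta_virtual_server(vs, access_profile, per_request_policy):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # Map each attached profile name to the side of the connection it serves.
    profiles = {p["name"]: p.get("context", "all")
                for p in vs.get("profilesReference", {}).get("items", [])}
    # IPv4 destinations look like "/Common/203.0.113.10:443".
    port = vs.get("destination", "").rpartition(":")[2]
    if port != "443":
        findings.append(f"service port is {port or 'unset'}, expected 443")
    if "http" not in profiles:
        findings.append("HTTP profile 'http' is not attached")
    if profiles.get("clientssl") != "clientside":
        findings.append("SSL profile 'clientssl' is not attached on the client side")
    if vs.get("sourceAddressTranslation", {}).get("type") != "automap":
        findings.append("Source Address Translation is not Auto Map")
    # Without the access profile there is no primary (per-session) authentication.
    if access_profile not in profiles:
        findings.append(f"access profile '{access_profile}' is missing: "
                        "no primary authentication")
    # Without the per-request policy the second level (Okta MFA) never runs.
    prp = vs.get("perFlowRequestAccessPolicy", "").rpartition("/")[2]
    if prp != per_request_policy:
        findings.append(f"per-request policy '{per_request_policy}' is missing: "
                        "Okta MFA is not enforced")
    return findings

# Constructed sample data (names and address are placeholders).
GOOD = {
    "name": "vs_okta_demo",
    "destination": "/Common/203.0.113.10:443",
    "sourceAddressTranslation": {"type": "automap"},
    "perFlowRequestAccessPolicy": "/Common/okta_prp_demo",
    "profilesReference": {"items": [
        {"name": "http", "context": "all"},
        {"name": "clientssl", "context": "clientside"},
        {"name": "primary_auth_demo", "context": "all"},
    ]},
}
# Same server, but listening on port 80 and with the per-request policy unset.
BAD = {**GOOD, "destination": "/Common/203.0.113.10:80",
       "perFlowRequestAccessPolicy": ""}

if __name__ == "__main__":
    for finding in audit_okta_virtual_server(BAD, "primary_auth_demo", "okta_prp_demo"):
        print("FINDING:", finding)
```

A virtual server that has the access profile but no per-request policy still accepts logins, so the missing MFA step is easy to overlook without a check like this.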