Manual Chapter : Creating a virtual server for Okta API

Applies To:

BIG-IP APM

  • 16.0.1, 16.0.0

Creating a virtual server for Okta API

You create a virtual server to act as the traffic destination address. Then you associate both a per-session policy and a per-request policy (properly configured using Okta MFA) with the virtual server. Incoming requests are then protected by two levels of authentication: primary authentication at login, followed by Okta MFA.
If you have already created a virtual server, open it and make sure that the fields required to implement MFA with the Okta Factor API are set correctly.
  1. On the Main tab, click Local Traffic > Virtual Servers. The Virtual Server List screen opens.
  2. Click Create. The New Virtual Server screen opens.
  3. In the Name field, type a unique name for the virtual server.
  4. For the Destination Address/Mask setting, confirm that the Host button is selected, and type the IP address in CIDR format.
  5. In the Service Port field, type 443 or select HTTPS from the list.
  6. From the HTTP Profile (Client) list, select http.
  7. For the SSL Profile (Client) setting, from the Available list, select clientssl, and using the Move button, move the name to the Selected list.
  8. From the Source Address Translation list, select Auto Map.
  9. If you have several servers that host your backend applications, you may want to set up load balancing and create a pool. If you do, you should specify the Default Pool in the Resources section.
  10. In the Access Policy area, from Access Profile, select the access policy that you created to perform the primary authentication.
  11. From Per-Request Policy, select the per-request policy you created for Okta API.
  12. Optional: Customize other settings as needed, or use the defaults.
  13. Click Finished.
The virtual server is created with the access policies and appropriate settings for Okta MFA.
You should send traffic to test the login process. Users log in with primary authentication; the first time they log in, they are asked to enroll in Okta MFA. (They can select only one factor here, but you can set up a second factor using Okta Admin.) The user can select from the Okta factors set up for them on the Okta Admin Console. Subsequent logins go straight to the configured option(s), where the user is authenticated by Okta MFA using Push, TOTP, or YubiKey.
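
To check an existing virtual server against the settings in this procedure without opening each field, the following added example (not part of the F5 manual) audits a virtual server stanza in Python. The stanza is constructed in the style of `tmsh list ltm virtual` output, and every object name and the address in it are placeholders.

```python
import re

# Constructed stanza in the style of `tmsh list ltm virtual` output.
# All object names and the address are placeholders, not values from the manual.
SAMPLE = """\
ltm virtual vs_okta_mfa {
    destination 192.0.2.10:443
    per-flow-request-access-policy okta_prp
    profiles {
        clientssl {
            context clientside
        }
        http { }
        primary_auth_ap { }
    }
    source-address-translation {
        type automap
    }
}
"""

def block(text, key):
    """Body of `key { ... }` with nested braces matched; '' when absent."""
    m = re.search(r"^\s*" + re.escape(key) + r"\s*\{", text, re.M)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]

def audit_virtual(stanza, access_profile, per_request_policy):
    """Return findings for settings that differ from the procedure; [] means all match."""
    findings = []
    names = {n.split("/")[-1] for n in
             re.findall(r"^\s*(\S+)\s*\{", block(stanza, "profiles"), re.M)}
    dest = re.search(r"^\s*destination\s+\S+[:.](\S+)", stanza, re.M)
    prp = re.search(r"^\s*per-flow-request-access-policy\s+(\S+)", stanza, re.M)
    if not dest or dest.group(1) not in ("443", "https"):
        findings.append("service port is not 443/HTTPS")
    for required in ("http", "clientssl", access_profile):
        if required not in names:
            findings.append(f"profile not attached: {required}")
    if "type automap" not in block(stanza, "source-address-translation"):
        findings.append("source address translation is not Auto Map")
    if not prp or prp.group(1).split("/")[-1] != per_request_policy:
        findings.append(f"per-request policy is not {per_request_policy}")
    return findings
```

A virtual server that has the access profile but no per-request policy still passes primary authentication, so the per-request finding is the one that indicates the Okta MFA step is not being enforced.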