Manual Chapter : Creating a virtual server for Okta API

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 16.0.0
Manual Chapter

Creating a virtual server for Okta API

You create a virtual server to act as the traffic destination address. Then you associate both a per-session policy and a per-request policy (properly configured using Okta MFA) with the virtual server. Requests coming in are protected using two levels of authentication: first at login and second Okta MFA.
If you have already created a virtual server, simply open it to make sure that the fields required to implement MFA with Okta Factor API are set correctly.
  1. On the Main tab, click
    Local Traffic
    Virtual Servers
    .
    The Virtual Server List screen opens.
  2. Click
    Create
    .
    The New Virtual Server screen opens.
  3. In the
    Name
    field, type a unique name for the virtual server.
  4. For the
    Destination Address/Mask
    setting, confirm that the
    Host
    button is selected, and type the IP address in CIDR format.
  5. In the
    Service Port
    field, type
    443
    or select
    HTTPS
    from the list.
  6. From the
    HTTP Profile (Client)
    list, select
    http
    .
  7. For the
    SSL Profile (Client)
    setting, from the
    Available
    list, select
    clientssl
    , and using the Move button, move the name to the
    Selected
    list.
  8. From the
    Source Address Translation
    list, select
    Auto Map
    .
  9. If you have several servers that host your backend applications, you may want to set up load balancing and create a pool. If you do, you should specify the
    Default Pool
    in the Resources section.
  10. In the Access Policy area, from
    Access Profile
    , select the access policy you created, and which performs the primary authentication.
  11. From
    Per-Request Policy
    , select the per-request policy you created for Okta API.
  12. Optional: Customize other settings as needed, or use the defaults.
  13. Click
    Finished
    .
The virtual server is created with the access policies and appropriate settings for Okta MFA.
You should send traffic to test the login process. Users log in with primary authentication, then the first time, they are asked to enroll in Okta MFA. (They can select only one factor here but you can set up a second factor using Okta Admin.) The user can select from the Okta factors set up for them on the Okta Admin Console. Subsequent logins go straight to the option(s) configured where the user is authenticated by Okta MFA using Push, TOTP, or Yubikey.