Manual Chapter : About Okta MFA

Applies To:

BIG-IP APM

  • 16.0.0

About Okta MFA

In a subroutine in a per-request policy, the Okta MFA agent performs multifactor authentication (MFA) using the Okta service. The Okta MFA agent specifies the Okta Connector and the MFA prompt in the per-request policy subroutine. Many customization options allow you to adjust the wording of the MFA prompts.
The Okta MFA agent uses the subsession.logon.last.username variable for Okta queries from current or previously executed subroutines. It creates the following output variables:
  • subsession.okta_mfa.result, which contains 1 in the case of a successful authentication or enrollment.
  • subsession.okta_mfa.factor, which stores the factor name (okta_totp, okta_push, or yubico_otp) when authentication is successful.
The Okta MFA agent has two branches: Successful and fallback. The Successful branch expression should specify:
expr {[mcget {subsession.okta_mfa.result}] == 1}
The Okta MFA action provides these configuration elements and options:
Okta Connector
Specifies the Okta Connector to use with the action. The Okta Connector defines Okta API parameters (Okta Org domain and Okta API token), and refers to an associated HTTP Connector Transport object (for SSL and DNS settings).
Language
Specifies the language to use to customize the Okta MFA page. Selecting a language causes the content in the remaining fields to display in the selected language.
Languages on the list reflect those that are configured in the access profile.
Reset all defaults
Reset all the values to the defaults provided by the system.
Display name for Okta Verify factor
Specifies the title on the MFA screen, such as Okta verify.
TOTP caption
Specifies the label asking for the code provided for TOTP authentication, such as Enter code.
Push caption
Specifies the label requesting Push authentication, such as Send push.
Enter code caption
Specifies the label requesting a code, such as Or enter code.
Code error caption
Specifies the message to display if the user typed the code incorrectly.
Okta Verify enrollment setup message
Specifies that the user must set up multifactor authentication for Okta Verify.
Multifactor authentication enrollment setup text
Specifies the message telling the user that MFA must be set up. For example: Company requires multifactor authentication to use additional layer of security when signing in to your account.
Download mobile app and QRCode scan description
Specifies the instructions to download the Okta Verify mobile app. For example: Download and launch Okta Verify application on your mobile device and select Add an account to scan QR code.
Can't scan QR Code caption
Specifies the text to display if the QRCode cannot be scanned. For example: More options to enroll.
Add account using secret key message
Specifies the text when the user is enrolling using a secret key. For example: Enter your username and below secret key in Okta MFA App to add account.
Invalid Phone number error
Specifies the text asking the user to enter a valid phone number.
Please enter phone number
Specifies the text asking the user to enter a phone number.
Activation sms link sent message
Specifies the text of the message displayed when the activation link has been sent to the user's cell phone, which is included dynamically in the message.
Activation email link sent message
Specifies the text of the message displayed when the activation link has been sent to the email address registered with the user's Okta account.
Send link via Sms caption
Specifies the caption for the button to enroll via SMS.
Send link via email caption
Specifies the caption for the button to enroll via email.
Setup without push caption
Specifies the caption for the option to set up without sending a push, such as Enroll manually without push.
Display name for YubiKey factor
Specifies the caption to select YubiKey authentication.
YubiKey message
Specifies the text that explains how to use the YubiKey for authentication, such as Insert your YubiKey into a USB port and tap it to generate a verification code.
Next caption
Specifies the caption for the Next button.
Back caption
Specifies the caption for the Back button.
Verify caption
Specifies the caption for the Verify button.
Enrollment text shown along with factor name. Factor name will be added dynamically
Specifies the enrollment and factor. To retrieve the factor, specify [FACTOR_NAME] anywhere in the text exactly as shown.