Manual Chapter : Configuring the Okta site for Okta Factors API

Applies To:

BIG-IP APM

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9

You perform this task from the Okta administrator console.
Okta configuration information may differ or change; refer to the Okta documentation site (help.okta.com) for the most up-to-date information.
Configure Okta to enable APM policies to interact with Okta Factors API for implementing second factor authentication.
  1. Log in to the Okta admin console, and note the name of the Okta domain shown in the top right corner of the dashboard.
    The Okta domain name is required when configuring the Okta Connector on the BIG-IP system.
  2. Create a token to authenticate with the Okta API: navigate to Security > API and click the Create Token button.
    The token content is visible only during the creation process. You might want to capture a screenshot of it for future reference and put it in a secure location. You need to specify it when creating the Okta Connector.
  3. Click Security > Multifactor > Factor Types and activate the factor types you want to use.
    F5 supports Okta Verify (Push and TOTP) and YubiKey. The factor types that you activate are the ones that can be enabled for end users, depending on factor enrollment policies. If users enroll themselves when logging in to the application or webtop secured by Okta, they can enroll in only one factor on APM. If you enroll them in more than one type that is supported by F5, the user has a choice of how to verify when they log in.
  4. Click Directory > People and add the end users to whom you want to provide access.
  5. Click Directory > Groups, create a group, and add users to it.
  6. Create and add a multifactor policy for the group: Click Security > Multifactor > Factor Enrollment > Add Multifactor policy.
    In the policy, you need to create a rule that prompts a new user to enroll in a factor the first time they sign in to their organization.
  7. Add the applications that will use Okta MFA.
  8. If end users are authenticating with YubiKeys, you need to program the YubiKeys for Okta. Refer to Programming Yubikeys for Okta Adaptive Multi-factor Authentication in the Yubico documentation.
  9. Complete any additional Okta configuration necessary for your installation.
Okta is now configured to work with APM through the Okta Factors API.
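
To check the result of this procedure before creating the Okta Connector, the following added example (not F5 or Okta code) builds the Okta Factors API request that lists one user's factors and reduces a response to the ACTIVE factors this chapter names as supported by F5. The domain, user ID, token and sample response are constructed placeholders, and the factorType and provider strings are those of the Okta Factors API rather than values from this page.

```python
import json
import urllib.parse
import urllib.request

# (factorType, provider) pairs as returned by the Okta Factors API for the
# factor types this chapter lists as supported by F5.
APM_SUPPORTED = {
    ("push", "OKTA"): "Okta Verify Push",
    ("token:software:totp", "OKTA"): "Okta Verify TOTP",
    ("token:hardware", "YUBICO"): "YubiKey",
}

def build_factors_request(okta_domain, user_id, api_token):
    """Build (without sending) the 'list factors' request for one user."""
    if "://" in okta_domain or "/" in okta_domain:
        raise ValueError("pass the bare Okta domain noted in step 1")
    user = urllib.parse.quote(user_id, safe="")
    return urllib.request.Request(
        f"https://{okta_domain}/api/v1/users/{user}/factors",
        headers={"Accept": "application/json",
                 "Authorization": f"SSWS {api_token}"},  # token from step 2
    )

def apm_usable_factors(factors):
    """Return (usable, skipped): ACTIVE supported factors vs. the rest."""
    usable, skipped = [], []
    for factor in factors:
        key = (factor.get("factorType"), factor.get("provider"))
        if key in APM_SUPPORTED and factor.get("status") == "ACTIVE":
            usable.append(APM_SUPPORTED[key])
        else:
            skipped.append((key, factor.get("status")))
    return usable, skipped

# Constructed sample response body (not captured from a real tenant).
SAMPLE_RESPONSE = json.loads("""[
  {"id": "sample1", "factorType": "push", "provider": "OKTA", "status": "ACTIVE"},
  {"id": "sample2", "factorType": "token:software:totp", "provider": "GOOGLE", "status": "ACTIVE"},
  {"id": "sample3", "factorType": "token:software:totp", "provider": "OKTA", "status": "PENDING_ACTIVATION"},
  {"id": "sample4", "factorType": "token:hardware", "provider": "YUBICO", "status": "ACTIVE"}
]""")

if __name__ == "__main__":
    req = build_factors_request("example.okta.com", "00uPLACEHOLDER", "PLACEHOLDER_TOKEN")
    print("GET", req.full_url)
    usable, skipped = apm_usable_factors(SAMPLE_RESPONSE)
    print("usable by APM:", usable)
    print("skipped:", skipped)
```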