Manual Chapter : Defining an HTTP Connector Transport for Okta MFA

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.0.0, 16.1.2, 16.1.1, 16.1.0
Manual Chapter

Defining an HTTP Connector Transport for Okta MFA

Okta MFA requires that you create an HTTP Connector Transport to provide transport level parameters (such as an SSL profile and DNS resolver), used for sending requests to Okta.
  1. On the Main tab, click
    Access
    Authentication
    HTTP Connector
    HTTP Connector Transport
    .
  2. Click
    Create
    .
  3. Specify a
    Name
    for the connector transport.
  4. Select a
    DNS Resolver
    that the transport uses to resolve the server name specified in the HTTP Connector URL. Click
    +
    to create a new resolver.
  5. Select a
    Server SSL Profile
    that the HTTP Connector Transport uses to encrypt communication for the HTTP Connector. Click
    +
    to create a Server SSL Profile, then select the profile.
    Okta MFA requires encrypted communication for the connection so the Server SSL Profile is required.
    F5 recommends that for the
    Trusted Certificate Authorities
    field in the SSL profile that you do not use the default
    ca-bundle.crt
    . Instead, create a smaller CRT bundle, which includes only the CA root certificates required by Okta. Refer to Okta documentation for details.
  6. Specify a limit for the
    Maximum Response Size
    , in bytes, that the HTTP Connector Request can receive. The Maximum Response Size limit is ignored if the Response Action in the associated HTTP Connector Request is set to
    Ignore
    .
  7. Specify the
    Timeout
    in seconds for the HTTP Connector Transport connection.
  8. Click
    Save
    .
The HTTP Connector Transport is defined, and appears in the HTTP Connector Transport list. You will need to select it when creating an Okta Connector.