Manual Chapter :
Overview: Okta MFA using Factors API
Applies To:
Show Versions
BIG-IP APM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9
Overview: Okta MFA using Factors API
You can manage authorization and access to applications and resources using
Okta MFA with Push, TOTP, and Yubikey factors using API-based integration for both
standard and modern customization. End users can enroll multiple factors as desired
while logging in. This example describes how to manually configure a Zero Trust Identity
Aware Proxy using Okta MFA integrated in APM through Okta Factors API. You need to
perform some administrative tasks in Okta and configure an application on the Okta
administration dashboard for both identity and MFA access.
On APM, an Okta Connector defines Okta API parameters for the domain and API
token. The Okta Connector also uses an HTTP Connector Transport for SSL and DNS
settings. Then, you implement second factor authentication in an APM per-request policy
by adding an Okta MFA agent to a subroutine. The agent specifies the place in the policy
to trigger the MFA prompt and references the Okta Connector.
This use case does not require deployment of a separate RADIUS server. To
implement Okta MFA with RADIUS authentication (without the use of Okta Factor API), Okta
MFA see
Seamless OAuth with Okta and RADIUS MFA
.
