Manual Chapter: Creating an Okta configuration for seamless access
Applies To:
BIG-IP APM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9
This task is completed in the Okta application. Okta
configuration information may differ or change; please refer to your Okta version's
documentation for the most up-to-date information.
Create an Okta configuration to enable the BIG-IP
system to interact with Okta for seamless access use cases.
- On the Okta server, click, create a group, and add users to it.
- Click to enable Okta Verify.
- In the area, enable the multifactor One Time Passcode (OTP) method (for example, Google Authenticator).
- Create and add a multifactor policy for the group you have created. Click, then enable Okta Verify and the other OTP method.
- Add the rule Enroll in multi-factor - the first time a user signs in to the policy.
- Create the RADIUS application on the Okta server with the command.
- Configure the Port and Secret.
- Disable the option Okta performs primary authentication.
- Assign the group you created as the Application.
- Configure the Okta RADIUS Agent.
- Install the RADIUS agent on the Windows Server.
- Specify the Okta domain during the installation, and authorize the agent in the Okta configuration.
For more information, see Okta RADIUS Server Agent Deployment Best Practices.
- Create an OAuth application and assign it to the group you created.
- Set up the Okta RADIUS agent, using the instructions here: https://help.okta.com/en/prod/Content/Topics/DeploymentGuides/Radius_Server_Agent/radius-server-agent-dg.htm
- Install the agent on a Windows server.
- Specify the Okta domain during the installation.
- Authorize the agent in the Okta configuration.
- Add the scope preferred_username to the Okta authentication server, for use later.
Okta is now configured to work with a seamless
access configuration on the BIG-IP system.
Assign the Okta application to users.