Manual Chapter : Creating an Okta configuration for seamless access

Applies To:

  • BIG-IP APM

    21.0.0, 17.5.1, 17.5.0, 17.1.3, 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.6, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9

back-action Seamless OAuth with Okta and RADIUS MFA

Updated Date: 04/30/2026

Creating an Okta configuration for seamless access

This task is completed in the Okta application. Okta configuration information may differ or change; please refer to your Okta version’s documentation for the most up-to-date information.

Create an Okta configuration to enable the BIG-IP system to interact with Okta for seamless access use cases.

  1. On the Okta server, click Directory > Groups > **** > ****, create a group, and add users to it.

  2. Click Security > Multifactor > Okta Verify to enable Okta Verify.

  3. In the Security > Multifactor area, enable the multifactor One Time Passcode (OTP) method (for example, Google Authenticator).

  4. Create and add a multifactor policy for the group you have created. Click Security > Multifactor > Factor Enrollment > Add Multifactor policy, then enable Okta Verify and the other OTP method.

  5. Add the rule Enroll in multi-factor - the first time a user signs in to the policy.

  6. Create the RADIUS application on the Okta server with the command Applications > Create Application > RADIUS Application.

  7. Configure the Port and Secret.

  8. Disable the option Okta performs primary authentication.

  9. Assign the group you created as the Application.

  10. Configure the Okta RADIUS Agent.

    1. Install the RADIUS agent on the Windows Server.

    2. Specify the Okta domain during the installation, and authorize the agent in the Okta configuration.

    For more information see Okta RADIUS Server Agent Deployment Best Practices.

  11. Create an OAuth application and assign it to the group you created.

  12. Set up the Okta RADIUS agent, using the instructions here: https://help.okta.com/en/prod/Content/Topics/DeploymentGuides/Radius_Server_Agent/radius-server-agent-dg.htm

    1. Install the agent on a Windows server.

    2. Specify the Okta domain during the installation.

    3. Authorize the agent in the Okta configuration.

  13. Add the scope preferred_username to the Okta authentication server, for use later.

Okta is now configured to work with a seamless access configuration on the BIG-IP system.

Assign the Okta application to users.