Manual Chapter : Overview of Okta with OAuth, step-up authentication, and RADIUS MFA

Applies To:

  • BIG-IP APM

    21.0.0, 17.5.1, 17.5.0, 17.1.3, 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.6, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9

back-action Seamless OAuth with Okta and RADIUS MFA

Updated Date: 04/30/2026

Overview of Okta with OAuth, step-up authentication, and RADIUS MFA

You can create a Zero Trust Identity Aware Proxy configuration using Okta and OAuth, with RADIUS MFA. For this scenario, the Zero Trust proxies are Access Policy Managers configured in Client + Resource Server configurations. APM is configured as the Authentication Server. RADIUS is used for multifactor authentication in a branch that requires more authentication (for example, an /admin URL). In this scenario, the authentication server uses the Zero Trust Step-Up Authentication feature to provide seamless access across different apps.

To create a configuration for Seamless Auth with Okta, OAuth, and RADIUS MFA, you must complete the following steps.

  • Create the Okta configuration
  • Create an Okta OAuth provider
  • Configure an OAuth client and resource server on APM
  • Create an allow-all access policy and a per-request policy
  • Create configuration objects in the per-request policy
  • Assign the access policy and per-request policy to a virtual server