Linux Authenticatio / Windows MFA Skip to main content
https://support.okta.com/help/answers?id=9062a000000qusiqas&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Marcelo MorasMarcelo Moras 

Linux Authenticatio / Windows MFA

Hello,

I would like to know if it is possible to authenticate linux users through Okta, looking at the help center I found some answers but it is not clear whether it is possible or not.
I checked that Windows have the Microsoft RDP (MFA) application, is it possible to do without MFA? Only login ?

Regards,
Best Answer chosen by Marcelo Moras
Wils DawsonWils Dawson (Okta, Inc.)
Hi Marcelo,

Ok, that makes sense. This isn't something we support directly today, but are looking closely at supporting that use case in the future.

Thanks,
Wils Dawson

All Answers

Wils DawsonWils Dawson (Okta, Inc.)
Hi Marcelo,

I want to make sure I understand your questions. It seems like there are two questions here, one about linux users, and another about Windows RDP. Is that right?

For the first about linux users, are you asking about authenticating users into linux systems? Or do you have an LDAP directory on a linux machine that you are trying to connect to Okta?

I'm not sure on the second question, unfortunately.
 
Teju ShyamsundarTeju Shyamsundar (Okta, Inc.)
Hi Marcelo, 

RE: MFA For RDP - you can create a sign on policy in the application to bypass MFA For a specific user. that user needs to be assigned to the app, but you can choose to exclude them from the app level sign on policy 
Marcelo MorasMarcelo Moras
Hi Dawson,

No, I don't have a LDAP directory, I'm asking about direct authenticating users into linux systems. 
 
Wils DawsonWils Dawson (Okta, Inc.)
Hi Marcelo,

Ok, that makes sense. This isn't something we support directly today, but are looking closely at supporting that use case in the future.

Thanks,
Wils Dawson
This was selected as the best answer
Gareth ReesGareth Rees (Okta, Inc.)
Hello @Marcelo have you looked at the Okta Radius Agent and using a Linux PAM for RADIUS AuthN?  

https://help.okta.com/en/prod/Content/Topics/DeploymentGuides/Radius_Server_Agent/radius-server-agent-dg.htm 

Note: currently it only support PAP not EAP so you need to be mindful of that and ensure the connection from the client to the radius agent is secured or use a RADIUS gatway like FreeRadius to proxy it. 

There is also another thread detailing it here: https://support.okta.com/help/answers?id=9062A000000QuncQAC&feedtype=SINGLE_QUESTION_DETAIL&dc=xProvisioning&criteria=OPENQUESTIONS& 

​Hope this Helps, Regards Gareth