How to change the Radius Agent username format Skip to main content
https://support.okta.com/help/answers?id=9062a000000xa87qac&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Fabien GilbertFabien Gilbert 

How to change the Radius Agent username format

Our VPN appliance is sending usernames in the DOMAIN\SAMAccountName format to the Okta Radius Agent, which it doesn't seem to be accepting. Upon testing with other Radius clients, the Okta Radius Agent seems to be working fine with UserPrincipalName or SAMAccountName -- just not DOMAIN\SAMAccountName. Is there any way to get the Okta Radius Agent to accept DOMAIN\SAMAccountName?

I have tried to change the Application username format to "
AD SAM account name + domain" in the Radius App in the Okta portal but that doesn't seem to have changed anything. There is a note in the app saying "Contact Okta Support to enable the RADIUS capabilities for this app." -- is that why?

Thanks,
Adrian HaisanAdrian Haisan (Okta, Inc.)
Hello Fabien.
Per https://help.okta.com/en/prod/Content/Topics/Security/Okta_Radius_App.htm

"Settings
Authentication: Retaining this default button allows Okta to perform primary authentication.
UDP Port: Each radius app has a unique number. Enter it in this required field.
Secret Key: In this required field, enter the secret key that will be used to encrypt and decrypt the user password. This key must be identical to what is configured on the VPN server.
Application username format: Choosing from this drop-down menu determines how the Radius client sends in the username.
Password Reveal: Check this if you want your users to securely see their password."


There is a note in the app saying "Contact Okta Support to enable the RADIUS capabilities for this app." -- is that why?
---
Regarding this part. The Radius App Model is already enabled for your environment so I believe there is nothing else that should be enabled.
Please feel free to open a support case if you have any other questions!