Can I make Okta work with the Sonicwall NetExtender? I'd like to be able to force 2FA and for the login through Okta. Skip to main content
https://support.okta.com/help/answers?id=906f0000000hzoqiac&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Michael KampMichael Kamp 

Can I make Okta work with the Sonicwall NetExtender? I'd like to be able to force 2FA and for the login through Okta.

Has anyone made this work. We currently have the NetExtender authenticating against radius.
api-workday api-workdayapi-workday api-workday

Hi Michael, it doesn't look like the netExtender supports SAML so logging in through the traditional okta means doesn't seem feasible.

That said, you should be able to leverage the Okta radius agent and the new signon policies to accomplish and Okta backed MFA login experience.

  • https://support.okta.com/help/articles/Knowledge_Article/99245886-Configuring-Sign-On-Policies
  • https://support.okta.com/help/articles/Knowledge_Article/24434913-Installing-the-Okta-RADIUS-Agent
You mentioned you were using radius, i am just assuming you weren't using the Okta radius agent. If you are using the Okta radius agent already it should just be a matter of configuring the appropriate sign-on policy to enforece MFA.

-Matt
Michael KampMichael Kamp
Thanks for the response Matt. I current have the Okta Radius Client installed and am using it on my test F5 Appliance. In the first article you posted for configuring sign on policies. I don’t have this option. I have Mobile Policies and Wifi Config. Is there something I’m missing? Michael Kamp System Administrator Provisur Technologies, Inc. 9150 191st Street Mokena, Illinois 60448 USA T: +1 (708) 479-3632 M: +1 (708) 205-0626 Michael.Kamp@provisur.com www.provisur.com AM2C® Beehive® Cashin® Formax® multitec™ TST™ Weiler®
api-workday api-workdayapi-workday api-workday
Hi MIchael,
This might be a flag that needs to be turned on for your Org but i'm pretty sure it is a GA feature. You might need to open a request with support to enable the sign on policies feature.
Eric KarlinskyEric Karlinsky (Okta, Inc.)
Hey Michael,

This is an EA feature, so you do have to request that it be turned on for your org. Once you do, in order to use the RADIUS agent for multiple devices, you must configure the SonicWall NetExtender to authenticate using the same RADIUS settings (port, protocol, and shared secret) that you configured for the F5.

Eric