Is it possible to set up OKTA RADIUS policies based upon the address the RADIUS request is coming from? Skip to main content
https://support.okta.com/help/answers?id=906f0000000i0miiak&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Eric KegleyEric Kegley 

Is it possible to set up OKTA RADIUS policies based upon the address the RADIUS request is coming from?

Right now it's looking like Okta RADIUS is a global policy, but I'l like to use Okta RADIUS to force MFA for multiple VPN connections which would use different Okta groups to determine who gets to log on to each one. I am not having good luck with the fine-grained LDAP example in the Okta documentation. I can do the coarse grained MFA and the LDAP Group look up separately, but the two together are not working. Figured that Okta knows the source of the RADIUS call, that address should be able to be used to set up some rules
Best Answer chosen by Niki (Okta, Inc.) 
Lee TschetterLee Tschetter (Okta, Inc.)
The functionality you are looking for is currently on our roadmap for this year. There will be more flexibility and device awareness as part of our RADIUS enhancements.

All Answers

Lee TschetterLee Tschetter (Okta, Inc.)
The functionality you are looking for is currently on our roadmap for this year. There will be more flexibility and device awareness as part of our RADIUS enhancements.
This was selected as the best answer
Eric KegleyEric Kegley
Thank you very much for the quick reply. Glad to know this is on the roadmap and that satisfies me for now.
Szymon KaflinskiSzymon Kaflinski
Ran into the same issue. Glad to hear it's being looked at.
Okta AD Agent SNLNS089Okta AD Agent SNLNS089
We're trying to configure multiple MFA policies against two different VPN technologies (Pulse and OpenVPN). We've run into the same roadblock where we can only use one policy which overrides the rest. 
I hope this gets resolved sooner than later. 
Christopher BrittonChristopher Britton
Any update on this enhancement? We're looking to use this for two different VPN technology (Citrix and Cisco) and need to be able to apply group rules based on the IP of the device.
Okta AD Agent SNLNS089Okta AD Agent SNLNS089
There is a beta program for the latest version of the Radius Agent which is supposed to support what we're after in this thread. We're just getting going with it. If you're interested in joining the beta just email "beta@okta.com" with Subject "Multiple Radius Agents BETA". 
Eric KegleyEric Kegley
Awesome! I look forward to being a part of the beta.
Christopher BrittonChristopher Britton
Any update on when this feature will be available as EA?
Eric TiptonEric Tipton
Any update?