<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
How Does "Accept password and security token in the same login request" Work for Okta MFA RADIUS Authentication
Mar 16, 2026
Okta Classic Engine
Multi-Factor Authentication
Overview

This article will show the expected behavior when setting the RADIUS advanced settings to authenticate with the "Accept password and security token in the same login request" option.

Applies To
  • Okta RADIUS
  • RADIUS Applications
  • VPN devices that do not support RADIUS-Challenge
  • Multi-Factor Authentication (MFA)
  • NTRadPing
  • Okta Classic Engine
Solution

The setting can be enabled by going to the designated RADIUS app in Okta from under the Sign On tab of the app.

  1. Scroll down to Authentication and select the Accept password and security token in the same login request option. The factors supported by this setting are SMS, Push, Call, Email, and Okta Verify token code.
  2. Regarding which factor is used, the user will have to "Log In" two times for SMS, Email, and Okta Verify token code. The first time to request a factor and the second time to enter the factor code received.
  3. There are two scenarios now:
    • If only one factor is enabled:

      1. The user must enter their Username and Password and log in;

      2. If Call or Push is the enabled factor, the user will authenticate via the Mobile device and will be logged in. If SMS / Email or Okta Verify token code is used, follow the next step;

      3. The user must enter their Username and Password again, but this time, they must add a comma to the end of their password, followed by the code received via SMS / Email or Okta Verify.

    • If multiple factors are enabled (SMS, Email, Okta Verify, etc.):

      1. The user must enter their Username and Password followed by the comma and the factor required to use;

      2. If Call or Push is the enabled factor, the user will authenticate via the Mobile device and will be logged in. If SMS / Email or Okta Verify token code is used, follow the next step;

      3. The user must enter their Username and Password comma and the code received.

Examples:

Scenario A

  1. The user enters the following:

    1. Username: test@test.com

    2. Password: Password1

    3. Factor code received: 0000

  2. The user enters again:

    1. Username: test@test.com

    2. Password: Password1,0000

Scenario B

  1. User enters:

    1. Username: test@test.com

    2. Password: Password1,sms

    3. Factor code received: 0000

  2. The user enters again:

    1. Username: test@test.com

    2. Password: Password1,0000

Related References 

Recommended content

Still looking for help?
Loading
How Does "Accept password and security token in the same login request" Work for Okta MFA RADIUS Authentication