This article provides a comprehensive step-by-step review of the installation process of the Okta Windows RADIUS agent.
- RADIUS
- Windows Operating System
- Multi-Factor Authentication (MFA)
When setting up a RADIUS integration, a RADIUS agent that acts as an intermediate between the VPN and Okta must be installed.
- The RADIUS Agent can be downloaded from the Okta Admin Dashboard Settings > Downloads.
- After the agent is downloaded, it can be installed.
- During the installation process, several steps must be confirmed during the installation.
>
>
- During the installation process, the location where the agent will be installed must be specified.
- If a proxy connection is used, this must be specified during the installation process.
- The Okta Tenant URL must be specified during the installation process. NOTE: The URL must be complete and the default URL (without -admin and with https://).
- After the Okta Tenant URL was specified the admin must authenticate in Okta to generate an API Token that will be linked with the RADIUS agent.
NOTE: When installing the RADIUS Agent, log in with an account that has both:
-
- Read-only Admin and App admin roles;
- or has the Super admin role.
In addition, Okta recommends using a dedicated service account to authorize RADIUS agents. A dedicated account ensures that the API token used by the RADIUS agent is not tied to the life cycle of a specific user account, which could be deactivated when the user is deactivated.
The Okta credentials used in creating the API Token will show as the actor for every authentication event in the System Logs when authenticating with the RADIUS agent.
- After logging into Okta, they must give permissions to the agent to access Okta and generate the API Token.
- After allowing access, the installation process will continue.
>
NOTE: Please refer to the Typical workflow table in our manual for full instructions on the broader scope of RADIUS deployment options, considerations, and troubleshooting:
