This article addresses the following situation: SonicWall NetExtender is the VPN solution in use, and it relies on Okta RADIUS for authentication. During this process, users are asked to enter their username in the username field and their password in the password field, along with an Okta Verify code, in the format password,123456.
However, authentication fails, and the following messages appear in the Okta System Log:
Authentication of user via Radius
FAILURE: Login failed.
Authentication of user via MFA
FAILURE: INVALID_CREDENTIALS
The AD Agent will indicate that the failure is due to login failure, while Okta will indicate that the authentication failed due to INVALID_CREDENTIALS.
Applies to:
- Multi-Factor Authentication (MFA)
- RADIUS Authentication
The issue appears to be related to the way SonicWall interprets the user's authentication response, leading to failed authentication.
To fix this issue, try the following steps:
- Try using password,code (entering the word code and not the Okta Verify code). The user will then be prompted to enter a code.
- Try using password,push (entering the word push). The user will then receive a push notification on their phone. After validation, the user will be connected.
- If neither of the above resolves the issue, open a case with Okta Support, as a certain feature flag must be enabled for the org.
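To find which users are hitting the failure pair described above, the following added example (not Okta's or SonicWall's code) scans exported System Log events for a failed RADIUS authentication paired with an MFA INVALID_CREDENTIALS failure for the same user. It assumes a JSON export using the Okta System Log field names published, displayMessage, actor.alternateId and outcome; the sample events and the 30-second pairing window are constructed for illustration.

```python
import json
from datetime import datetime, timedelta

RADIUS_MSG = "Authentication of user via Radius"
MFA_MSG = "Authentication of user via MFA"

# Constructed sample events (not real data), one JSON object per line.
SAMPLE_EVENTS = [json.loads(line) for line in """
{"published":"2024-01-01T10:00:01.000Z","displayMessage":"Authentication of user via MFA","actor":{"alternateId":"alice@example.com"},"outcome":{"result":"FAILURE","reason":"INVALID_CREDENTIALS"}}
{"published":"2024-01-01T10:00:02.000Z","displayMessage":"Authentication of user via Radius","actor":{"alternateId":"alice@example.com"},"outcome":{"result":"FAILURE","reason":"Login failed."}}
{"published":"2024-01-01T10:05:00.000Z","displayMessage":"Authentication of user via Radius","actor":{"alternateId":"bob@example.com"},"outcome":{"result":"FAILURE","reason":"Login failed."}}
{"published":"2024-01-01T10:06:00.000Z","displayMessage":"Authentication of user via MFA","actor":{"alternateId":"carol@example.com"},"outcome":{"result":"SUCCESS"}}
{"published":"2024-01-01T10:06:01.000Z","displayMessage":"Authentication of user via Radius","actor":{"alternateId":"carol@example.com"},"outcome":{"result":"SUCCESS"}}
{"published":"2024-01-01T09:00:00.000Z","displayMessage":"Authentication of user via MFA","actor":{"alternateId":"dave@example.com"},"outcome":{"result":"FAILURE","reason":"INVALID_CREDENTIALS"}}
{"published":"2024-01-01T11:00:00.000Z","displayMessage":"Authentication of user via Radius","actor":{"alternateId":"dave@example.com"},"outcome":{"result":"FAILURE","reason":"Login failed."}}
""".strip().splitlines()]


def _timestamp(event):
    # Okta timestamps end in "Z"; make the UTC offset explicit for fromisoformat().
    return datetime.fromisoformat(event["published"].replace("Z", "+00:00"))


def affected_users(events, window=timedelta(seconds=30)):
    """Users with a RADIUS failure and an MFA INVALID_CREDENTIALS failure within `window`."""
    radius, mfa = {}, {}
    for event in events:
        outcome = event["outcome"]
        if outcome["result"] != "FAILURE":
            continue
        user = event["actor"]["alternateId"]
        if event["displayMessage"] == RADIUS_MSG:
            radius.setdefault(user, []).append(_timestamp(event))
        elif (event["displayMessage"] == MFA_MSG
              and outcome.get("reason") == "INVALID_CREDENTIALS"):
            mfa.setdefault(user, []).append(_timestamp(event))
    hits = set()
    for user, radius_times in radius.items():
        mfa_times = mfa.get(user, [])
        # A RADIUS failure with no nearby MFA failure is an ordinary bad login.
        if any(abs(r - m) <= window for r in radius_times for m in mfa_times):
            hits.add(user)
    return sorted(hits)


if __name__ == "__main__":
    print(affected_users(SAMPLE_EVENTS))
```

A user who appears here repeatedly while entering a valid password and code is a candidate for the password,code or password,push workaround above.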
