<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
RADIUS Token Expiry Time
Jan 14, 2025
Okta Identity Engine
Multi-Factor Authentication
Overview

Okta’s RADIUS Agent enables integration with systems that use RADIUS for authentication. For secure communication between the RADIUS client and Okta, an API token is required. The token allows the RADIUS Agent to interact with Okta’s API to verify user credentials and enforce multi-factor authentication (MFA).

Okta recommends using a dedicated service account to authorize RADIUS agents. This ensures that the API token is not tied to a specific user account

Applies To
  • RADIUS
  • API Token
  • Multi-Factor Authentication (MFA)
Solution

Okta API tokens are valid for 30 days from the time of issuance. To ensure uninterrupted functionality, it is essential to understand how to manage and renew these tokens effectively. It is important to consider the following key points:

  1. Token Validity
  • Each API token is valid for a period of 30 days.
  • The validity is extended by 30 additional days every time the token is used to make an API call.
  1. Token Renewal
    To keep a token active, ensure it is used to make at least one API call within its 30-day validity period. This will automatically refresh the token’s expiration date, resetting it for another 30 days.
    • Example: If a token is issued on November 1st and used on November 25th, its validity will extend to December 25th.
  1. Revoked Tokens
    If a token is revoked (e.g., due to security concerns or manual action), it cannot be renewed or used further. In such cases, a new token must be generated.

 

  1. Best Practices
  • Automate periodic API calls using the token to ensure its expiration date is consistently refreshed.
  • Monitor token usage and expiration dates to avoid disruptions in the integration.
  • Maintain a secure environment for storing API tokens and prevent unauthorized access or accidental revocation.

If the token has already expired, make sure to remove the current RADIUS agent and reinstall it by following this documentation. There is no need to manually create an API token because a new one will be automatically created when the RADIUS agent is reinstalled.

Related References

Recommended content

Still looking for help?
Loading
RADIUS Token Expiry Time