TedP.13881 (Customer) asked a question.
Okta Radius and Verify Push
Can the Okta Radius Config (Agent or App) be configured to NOT use Verify Push? Why do you ask?
Backstory: We want users to use Push with Numeric for every app since it is the most secure of the options of MFA and Numberic prevents MFA Bombing from causing MFA Fatigue. Since Numeric Push is not supported with Radius, we have users that are attempting to use Push but are failing due to timing out and unable to authenticate. We have notified the users to not use Push with their Radius app, but this is a nuance an enduser shouldnt be expected to remember - especially when we recommend useing the most secure options.
Hello @TedP.13881 (Customer) Thank you for reacting out to our Community!
With Okta Classic Engine this might be possible to setup an authentication policy where you select "Authenticate via Radius" and then select the desired MFA.
With Okta OIE you can add a specific authentication flow per application that should resolve the issue, please see OIE doc for this:
https://help.okta.com/oie/en-us/Content/Topics/identity-engine/policies/about-policies.htm
The Okta Community Catalysts Program is now live. Collect online badges when you participate in the Okta Help Center Questions community. Learn more here.
The October issue of the Okta Community is here and packed with tips on certification, how to earn badges, and new releases. Let us help you stay connected.
we had the issue as well and unfortunately it is about user education. The user needs to be instructed to type their password followed by comma and then okta verify (OTP) as one string. This will avoid and automatic push. alternatively, they should also be able to type password,sms and should be prompted for the code but i have not seen that in action.