00u27o1rxrFNZCVIAOG1.5579364713623489E12 (Customer) asked a question.
OKTA Radius AnyConnect SMS/EMAIL/PUSH/CODE not working
I am POC'ing this and the only way I can get it to work for me is simply entering my password which inturn promtps me in the OKTA verify app to accept it. If I try and enter 'mypassword,sms' or anything for that matter after my password the login fails immediately.
Below are my settings, can someone help me figure out why I can't do anything inline on the password field? OKTA logs just show "Authentication of user via Radius FAILURE: Login failed" when I do try inline options.
Hi @00u27o1rxrFNZCVIAOG1.5579364713623489E12 (Customer) , Thank you for reaching out to the Okta Community!
Please make sure the following conditions are met:
-user is already enrolled with Okta Verify with Push,
-application username format matches expected value (typically SAMaccountName but may vary depending on implementation)
-user is assigned to the RADIUS app in Okta.
-confirm that app level sign-on policies are configured to allow access and prompt for MFA
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
--------------------------------
Okta Identity Engine (OIE) Ask Me Anything: Get answers from product experts by clicking here.
Yes all that is true and like I said auth works just only via PUSH, nothing else. That is the problem I am trying to fix.
OH, sorry. The title of the question lead me to believe that Push is also causing trouble.
Have you reviewed this article that explains the login flow?
https://support.okta.com/help/s/article/How-does-Accept-password-and-security-token-in-the-same-login-request-work-for-Okta-MFA-RADIUS-authentication?language=en_US
Also, it's my understanding that the request is case sensitive and "Must send the specified string “EMAIL/SMS/CALL”, which initially returns a failure. This results in the generation of a One Time Passcode (OTP) provided using the specified method. The provided OTP can then be used for authentication."
https://help.okta.com/en-us/Content/Topics/integrations/Okta_Radius_App.htm
That being said, if you continue experiencing issues, I recommend opening a case to work with one of our Support Engineers that can review the configuration with you.
The forum is not ideal for in-depth troubleshooting.
Regards.
--------------------------------
Okta Identity Engine (OIE) Ask Me Anything: Get answers from product experts by clicking here.
If we are using default MFA sign on does that include CALL/SMS/EMAIL/CODE support? If it doesn’t how and where do I enable them ?
Assuming I understood your question correctly this time, MFA enablement would depend on what type of environment you have.
Okta Classic:
https://help.okta.com/en-us/Content/Topics/Security/mfa/mfa-factors.htm
Okta Identity Engine:
https://help.okta.com/oie/en-us/Content/Topics/identity-engine/authenticators/about-authenticators.htm
All of this being predicated on the assumption that you have the appropriate SKU for your org. If you are dealing with a preview or demo account, you might not have SMS/CALL as they may come at an additional cost or might need to be first enabled from the back-end (Okta Side).
Regards.
--------------------------------
Okta Identity Engine (OIE) Ask Me Anything: Get answers from product experts by clicking here.