An Okta RADIUS server agent is a lightweight program that runs as a service outside of Okta. It is usually installed outside of a firewall, which gives Okta a route for communication between an on-premise server and Okta’s cloud network.
Okta employs a handful of different types of agents with varying uses, including:
- Active Directory
- RADIUS Password Sync
The Okta RADIUS Server agent delegates authentication to Okta using single-factor authentication (SFA) or multi-factor authentication (MFA). It installs as a Windows service and currently supports the Password Authentication Protocol (PAP).
Can I Use Okta RADIUS Agent For Wi-Fi?
In its current iteration, the Okta RADIUS agent does not support Wi-Fi infrastructure. The Okta RADIUS Server agent is most often used when authentication is performed by a VPN that does not support SAML.
However, you can use your Okta directory to enroll for certificates that can be used to authenticate against a RADIUS server. We provide this service to customers all the time: we supply software that ties Okta to our PKI, mechanisms that let end users enroll themselves for certificates with their Okta credentials, and a RADIUS server.
If you’d like more information about this, check out our Okta Integration Guide here.
How Can I Use Okta With RADIUS?
Okta RADIUS can distinguish the different RADIUS applications you use and support them all simultaneously by setting up an Okta RADIUS app for each configuration. Okta RADIUS also allows you to create policies to organize end-users into groups that are given access to different applications.
How Do I Set Up Okta RADIUS Agent?
To install the Okta RADIUS agent:
- From your Administrator Dashboard, select Settings > Downloads > Okta RADIUS Server Agent.
- Click the Download button and run the Okta RADIUS installer.
- Proceed through the installation wizard to the “Important Information” and “License Information” screens.
- Choose the Installation folder and click the Install button.
- On the Okta RADIUS Agent Configuration screen, enter your RADIUS Shared Secret key and RADIUS Port number. If you are using the RADIUS application, these elements are not required.
- On the Okta RADIUS Agent Proxy Configuration screen, you can optionally enter your proxy information. Click the Next button.
- On the Register Okta RADIUS Agent screen, enter the following:
  - Choose your org version.
  - If setting this up to test on your Okta Preview Sandbox org, you’ll need to enter the complete URL for your org. For example: https://mycompany.oktapreview.com
  - Enter Subdomain – For example, if you access Okta using https://mycompany.okta.com, enter “mycompany”, as described below.
- For Windows Server 2008 R2 Core only: Open a browser and add the provided URL into the address field. This authorizes the installer to use Okta.
- Click the Next button to continue on to an Okta Sign In page.
- Sign in to the service-specific Okta account on the Sign In screen.
- Click the Allow Access button.
- The confirmation screen appears. Click the Finish button to complete the installation.
- Configure a RADIUS app in Okta to set the RADIUS agent port, shared secret, and advanced RADIUS settings.
Okta’s LDAP Agent
LDAP (Lightweight Directory Access Protocol) is an industry-standard protocol used for accessing and maintaining distributed directory information services. Okta’s LDAP Interface allows for cloud-based LDAP authentication rather than authentication from an on-premise server.
Furthermore, the agent allows you to use your LDAP server for networking applications like Wi-Fi, while using Okta for SAML applications like web apps.
Use Okta as SSO for 802.1x Certificate Enrollment
Okta enables you to provide SSO access to cloud, on-premise, and mobile applications. This is especially useful when combined with SecureW2’s EAP-TLS certificate solutions. Okta can be easily integrated with SecureW2, which allows users to be equipped with certificates for authentication, the highest form of security.
As users enroll for a certificate through SecureW2’s onboarding software, they enter their Okta credentials and are confirmed for network use. The certificate is then imprinted with the user’s identity, and the device identity can be automatically authenticated by the network for all future authentication requests.
You can also use Okta with Cloud RADIUS to further enhance user experience. The identity context and rapid authentication of certificates ensure that your network is well-organized and protected from any potential threat. Click here for a pricing estimate that tailors our cost-effective solution to your organization’s needs.
*** This is a Security Bloggers Network syndicated blog from SecureW2 authored by Eytan Raphaely. Read the original post at: https://www.securew2.com/blog/use-the-okta-radius-agent-wi-fi/