Multi-Factor Authentication (MFA) is an extra layer of security used when logging into websites or apps. Individuals are authenticated through more than one required security and validation procedure that only you know or have access to.
RADIUS is a protocol commonly used to authenticate, authorize, and account for user access and actions. Acceptto offers a simple solution for adding multi-factor authentication (MFA) to Okta via its Radius solution. This step by step integration instruction illustrates how to configure both Okta and Acceptto appliance using RADIUS.
- An Acceptto Appliance connected to your user directory (for example Microsoft ‘Active DirectoryTM’).
- A user with administrative privileges for the Acceptto Appliance.
- The user population that is going to be authenticated via Radius must be enrolled in the It’sMe mobile application.
- A user with administrative privileges for the Okta Dashboard.
Configure the Acceptto Appliance RADIUS interface
- Login to the Acceptto Appliance admin panel with an administrative account, select RADIUS, and enter the following values.
- NETBIOS domain - enter the NETBIOS domain name.
- Assigned Computer Name - Enter the computer name that you want to be created in Active Directory.
- REALM - Enter the realm that is appended to your username. Usually, this is your domain name.
- MFA Active Directory Group - Enter the LDAP group that contains the users that can login via MFA (note that by default users outside of this group will have their access denied).
- MFA Login message - enter the message that your users are going to see on the It’sMe mobile application.
- Radius eGuardian UID - enter the UID of Radius application in your eGuardian Admin Panel.
- Radius eGuardian Secret - enter the Secret of Radius application in your eGuardian Admin Panel.
- Click Save Changes.
- Log in to your Okta organization URL with an administrative account. Then, go to the Security tab and select Multifactor.
- Navigate to On-Prem MFA > Edit and click on Enable ON-Prem MFA.
- Fill the fields based on the following table and click Add New Agent.
|**Provider Name**||Optional. For example, Acceptto MFA|
|**Provider username format**||Okta username prefix|
|**Hostname**||The hostname or IP address of the Acceptto Appliance|
|**Authentication port**||The port configured for RADIUS in Acceptto Appliance. Default is 1812|
|**Shared Secret**||RADIUS shared key in Acceptto Appliance|
- Download the Agent, copy, and keep your Instance ID number and click Save.
Install Okta Agent
- Run the agent you downloaded earlier on a machine that can communicate with Acceptto Appliance through RADIUS protocol. Proceed with Next.
- You can change the Installation Folder.
- Enter the Instance ID number you got earlier from Okta and click Next.
- Enter your Okta Organization URL and click Next.
- You will be redirected to your Okta instance and need to Sign In with your credentials.
- Select Allow Access.
Configure Okta Groups and Policy
- Log in to your Okta organization URL with an administrative account. Then, go to the Directory tab and select Groups from the dropdown menu. Assume that you have a group named MFA, then add users that you want to authenticate with Acceptto MFA to this group.
- Navigate to Security and Authentication. Then, select Sign On tab and click Add New Okta Sign-On Policy.
- In the “Add Policy” window, give a name in the “Policy Name” field and Assign to the Group containing your MFA users then click Create Policy and Add Rule.
- In the “Add Rule” give the rule a name and set up its criteria based on your requirements. Click on the Create Rule button to continue.
Test your setup
- Sign in to your Okta organization URL with the credentials needed to pass Acceptto MFA authentication.
- Okta shows “set up multi0factor authentication” window. Select Acceptto MFA and continue with the proper credential. You will get a push on your It’sMe app. Accept it and finish the setup.
If you require assistance, please email us at email@example.com
Want to learn more about our MFA solutions? Contact our Professional Services for a Demo today.
All product names, trademarks, and registered trademarks are the property of their respective owners.
All company, product, and service names used in this document are for identification purposes only. The use of these names, trademarks, and brands do not constitute an endorsement by the Acceptto Corporation.
Okta is either registered trademarks or trademarks of Okta, Inc. and/or one or more of its subsidiaries in the United States and/or other countries.
Microsoft and 'Active Directory' are either registered trademarks or trademarks of Microsoft and/or one or more of its subsidiaries in the United States and/or other countries.