Security

Reply
Highlighted
Occasional Contributor II

Okta MFA

I have been asked if we can use Okta for multifactor authentication of our remote VPNs and other services. I see where Okta can be used for SSO and Onboard, but I would need it for a RADIUS Service. I saw a post from 2017 that says this may be depreciated, but as of 6.7.7 you can add Okta as an auth source type. However, I see no documentation on how to use it. 

 

Can someone shed some light on Okta integration and if it can be used this way?

Guru Elite

Re: Okta MFA

Can you please expand on the end to end workflow?

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Okta MFA

Currently, our VPN users are connecting using a combination of their username and code from google authenticator as there username and they use their password as the password. That request goes to clearpass and it forwards to a server that can parse the creds and sends back an accept or deny.

 

Not sure if Okta can do a similar parse or do a push verify to their app when a user tries to connect. 

Guru Elite

Re: Okta MFA

You can deploy the same thing using the Okta RADIUS server configured as a Token Server auth source in ClearPass.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Okta MFA

So it is correct that this will be going away?

image.png

Guru Elite

Re: Okta MFA

Yes, it will. It is not supported and was used for a previous integration that is no longer available.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor II

Re: Okta MFA

Is there any how-to documentation for using 2FA/Token-based authentication for RADIUS supplicants?

Guru Elite

Re: Okta MFA

Do you mean 802.1X workflows?

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor II

Re: Okta MFA

Yes for 802.1x, thanks

 

Guru Elite

Re: Okta MFA

There is really no scalable way to do MFA at the supplicant level.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: