Solved: ISE - OKTA as external radius server

Madura Malwatte · ‎07-28-2020

Need some help to shed some light on the below errors.

I have Okta for MFA set up as an external radius server on ISE (i think here lies my problem, as other users on here have mentioned configuring Okta as radius token instead). I'll try radius token, but for now Okta is currently set up as an external radius server on ISE and I get an access reject back from Okta with the following error seen in the ISE radius live logs: "Authentication failed for user user@company.com, reason --- Access-Request failed, error: Request failed at step=DURING_MFA_POLL_LOOP. Time-out".. Anyone know what this MFA_POLL_LOOP timeout is?

In other instances I see this error in the live logs: "5405 RADIUS Request dropped - 11353 No more external RADIUS servers; can't perform failover"

Madura Malwatte · ‎07-28-2020

I was able to get this working setting up Okta as a RADIUS Token Server on ISE. Not sure why RADIUS proxy doesn't work, must be the Okta side.

View solution in original post

hslai · ‎11-08-2021

Please follow one of the existing guides, that also use RADIUS token servers.

For example, How to Deploy ISE Device Admin with Duo MFA

View solution in original post

Madura Malwatte · ‎07-28-2020

I was able to get this working setting up Okta as a RADIUS Token Server on ISE. Not sure why RADIUS proxy doesn't work, must be the Okta side.

Mustafa9046 · ‎11-05-2021

Hi Madura Malwatte,

I am trying to Add OKTA to ISE 3.0 as Radius Token server

I want to use OKTA for authentication on Device Admin and use AD for Authorization

Can you please me with some reference document or share some Steps/Screenshots ???

hslai · ‎11-08-2021

Please follow one of the existing guides, that also use RADIUS token servers.

For example, How to Deploy ISE Device Admin with Duo MFA