01-11-2018 06:50 PM
Hello-
I have a customer that is interested in ISE that is currently using OKTA for their 2FA/OTP. They want to know if ISE and OKTA can integrate together to provide:
From what I was able to find on OKTA's support pages and documentation this should not be an issue. It appears that OKTA will just be referenced as an external RADIUS server in ISE (Similarly to other OTP providers such as DUO, RSA, etc). However, I wanted to see if anyone can confirm this.
Thanks!
Neno
Solved! Go to Solution.
01-12-2018 01:01 PM
I have used OKTA on several installs without an issue mostly for VPN authentication. As you said OKTA is just an external RADIUS server to ISE and it runs the whole authentication. You probably want to crank up your RADIUS timeouts to something like 2-3 minutes because depending on the verification OKTA is doing (OKTA App, App Push, SMS Text, call) it can take a while for the person to type in their password.
01-12-2018 07:37 AM
ISE can integrate with any RADIUS token server compliant with RFC 2865. Our teams are not testing OKTA as an OTP so we do not have info which OKTA product(s) work.
01-12-2018 01:01 PM
I have used OKTA on several installs without an issue mostly for VPN authentication. As you said OKTA is just an external RADIUS server to ISE and it runs the whole authentication. You probably want to crank up your RADIUS timeouts to something like 2-3 minutes because depending on the verification OKTA is doing (OKTA App, App Push, SMS Text, call) it can take a while for the person to type in their password.
01-15-2018 09:55 PM
Hey Paul, nice to "hear" from you! Thank you for the reply/confirmation Paul!
Best regards,
Neno
04-19-2018 11:22 AM
To be clear, in that scenario, is the ASA the original RADIUS client and ISE just proxies the RADIUS message back and forth between the Okta agent and ASA?
02-14-2019 02:25 PM
Sorry to barge in to this thread, but it fits right in with the topic at hand...is it possible to use ISE for the Primary authc and authz, and add an OKTA RADIUS agent as a secondary RADIUS server just for the 2nd factor? (I.E. Okta Push)
11-05-2021 01:12 PM
Hi Team,
I have Cisco ISE 3.0 trying to integrate OKTA for 2FA/OTP for RADIUS/TACACS+ based device administration
Authentication via OKTA Push + AD
Authorization Via AD
Can you please help me with any reference configuration ??
04-27-2022 05:58 AM
Thank you so much, is it work well for Cisco CLI MFA authentications? like App Push / approve.? Thank you. !
11-05-2021 01:11 PM
Hi Team,
I have Cisco ISE 3.0 trying to integrate OKTA for 2FA/OTP for RADIUS/TACACS+ based device administration
Authentication via OKTA Push + AD
Authorization Via AD
Can you please help me with any reference configuration ??
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide