
TACACS+ Server > okta integration for 2 MFA

Yuvi1983

Hi All, 

I have the following situation, 

Today I am using the TACACS+ server (Linux based) for the TACACS user accounts on this server.

This server IP is configured on the Cisco devices:

------------------------------------------------------------- 

tacacs-server host <TACACS server ip> key 7 xxxxxxxxxxxxx
aaa group server tacacs+ TAC
server <TACACS server ip>
source-interface Vlan3500

--------------------------------------------------------------------------------------------------------------

I am able to access the network devices via SSH.

I have a new requirement: enable 2-factor authentication for Cisco devices.

How do I enable 2-factor authentication using the OKTA PAM solution?

Is the existing TACACS+ server (Linux server) enough to activate 2-factor authentication when integrating with OKTA PAM?

I am trying to achieve this using the existing TACACS+ server. Is this really possible, please?

Any reference documentation/steps would be a great help.

Any additional suggestions?

------------------------------------------------------------------------------------------------------------- 

Note 1: I do not have Cisco ISE.

Additionally, I have Cisco DUO.

Note 2: OKTA PAM is NOT mandatory to achieve this 2-factor authentication for Cisco devices.

The goal is to achieve 2-factor authentication for Cisco devices.

Any help will be greatly appreciated, please.

Thanks & Best Regards

Yuvi

Accepted Solutions

@Yuvi1983 

MFA does not require any change on the device side other than pointing to the TACACS server. If you can authenticate using SSH, the device is ready for MFA. All the work must be done on the TACACS server side.

If you use OKTA, I believe you need to find their forum and ask for support.
