The Aviatrix VPN gateway supports Okta authentication as part of multi-factor authentication for OpenVPN access. The steps are as follows.
1.0 Log in to your Okta account as Super Admin. This role has the privilege to create a Token for API access by the Aviatrix gateway.
2.0 If you have not created users for VPN access, go to “Directory” -> “People” to create an account for the VPN user. In this example, the account name is email@example.com
3.0 At the Aviatrix Controller, go to “Gateway” to create a gateway with “VPN Access” enabled. Select “Okta” for “Two-step Authentication” and enter the Okta-related fields as follows:
URL: Your Okta account login URL. (For example, https://aviatrixdt.okta.com)
Token: Token string copied from Step 1.
Username Suffix (Optional): In this example, “aviatrix.com” was entered. If Username Suffix is provided, users should enter their account ID without the domain name when logging in from the VPN Client. For example, if your Okta account is firstname.lastname@example.org and “aviatrix.com” is the Username Suffix, you should enter “demoaviatrix” as your VPN username when prompted for a username by the OpenVPN Client. If Username Suffix is not provided, you must enter email@example.com, as shown below.
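
A pre-flight check for the three fields above, added here as an example (it is not Aviatrix or Okta code): it maps a VPN username to the Okta login, builds the Okta Users API lookup that the token must be able to perform, and checks the returned user record. It assumes the suffix is joined to the username with “@”; the function names, the placeholder token and the sample response are constructed for illustration.

```python
import json
import urllib.parse
import urllib.request


def okta_login(vpn_username, suffix=None):
    """Map what the user types in the VPN client to the Okta login."""
    name = vpn_username.strip()
    if suffix:
        if "@" in name:
            raise ValueError("with a Username Suffix set, enter the ID without the domain")
        # Assumption: the gateway joins username and suffix with "@".
        return f"{name}@{suffix.strip().lstrip('@')}"
    if "@" not in name:
        raise ValueError("no Username Suffix set: enter the full Okta login")
    return name


def build_lookup(okta_url, token, login):
    """Build (not send) the Okta Users API request for this login."""
    parts = urllib.parse.urlsplit(okta_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Okta URL must be an https:// org URL")
    url = f"https://{parts.netloc}/api/v1/users/{urllib.parse.quote(login, safe='')}"
    return urllib.request.Request(url, headers={
        "Authorization": f"SSWS {token}",  # Okta API token scheme
        "Accept": "application/json",
    })


def check_user(body, expected_login):
    """Return a list of problems found in the Users API JSON response."""
    user = json.loads(body)
    problems = []
    if user.get("status") != "ACTIVE":
        problems.append(f"user status is {user.get('status')}, not ACTIVE")
    if user.get("profile", {}).get("login", "").lower() != expected_login.lower():
        problems.append("profile.login does not match the expected login")
    return problems


if __name__ == "__main__":
    # Constructed sample values; replace with your own org URL, token and user.
    login = okta_login("demoaviatrix", "aviatrix.com")
    req = build_lookup("https://aviatrixdt.okta.com", "00EXAMPLE_TOKEN", login)
    print(req.get_method(), req.full_url)  # the token is never printed
    # To run it live: body = urllib.request.urlopen(req, timeout=10).read()
    sample = '{"status": "ACTIVE", "profile": {"login": "demoaviatrix@aviatrix.com"}}'
    print(check_user(sample, login) or "ok")
```

A 401 response to the live request means the token was rejected, and a 404 means no Okta user has that login, which usually points to a wrong Username Suffix.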