Okta Authentication

The Aviatrix VPN gateway supports Okta authentication as part of multi-factor authentication for OpenVPN access. The steps are as follows.

1.0 Log in to your Okta account as Super Admin. This role has the privilege to create a token for API access by the Aviatrix gateway.

1.1 Go to “Security” -> “API” -> “Create Token”. Give the token a name, for example, Aviatrix, and copy the token string. You’ll need the token string for Aviatrix gateway API access to Okta.

image1

2.0 If you have not created users for VPN access, go to “Directory” -> “People” to create an account for the VPN user. In this example, the account name is demoaviatrix@aviatrix.com.

image2

3.0 At the Aviatrix Controller, go to “Gateway” to create a gateway with “VPN Access” enabled. Select “Okta” for “Two-step Authentication” and enter the Okta-related fields as follows:

  • URL: Your Okta account login URL. (For example, https://aviatrixdt.okta.com)

  • Token: Token string copied from Step 1.

  • Username Suffix (Optional): In this example, “aviatrix.com” was entered. If Username Suffix is provided, users should enter their account ID without the domain name when logging in from the VPN Client. For example, if your Okta account is demoaviatrix@aviatrix.com and the Username Suffix is “aviatrix.com”, enter “demoaviatrix” as your VPN username when the OpenVPN Client prompts for it. If Username Suffix is not provided, you must enter demoaviatrix@aviatrix.com, as shown below.

    image3
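
A pre-flight check for the three fields in step 3, as an added example that is not Aviatrix code: it applies the Username Suffix rule and asks Okta's Users API (GET /api/v1/users/{login} with an "Authorization: SSWS <token>" header) whether the token is accepted and the VPN user exists. The function names are hypothetical, and the rule that the gateway forms the Okta login as username@suffix is an assumption drawn from the example above.

```python
import json
import urllib.error
import urllib.parse
import urllib.request


def okta_login(vpn_username, username_suffix=""):
    """Okta login for a VPN username (assumed rule: username@suffix)."""
    user = vpn_username.strip()
    suffix = username_suffix.strip().lstrip("@")
    if not user:
        raise ValueError("empty VPN username")
    if not suffix:
        return user  # no suffix configured: user types the full Okta login
    if "@" in user:
        raise ValueError("suffix is set: enter the username without a domain")
    return f"{user}@{suffix}"


def build_lookup(okta_url, token, login):
    """Build the user lookup request; refuse non-HTTPS URLs so the
    API token is never sent in clear text."""
    parts = urllib.parse.urlsplit(okta_url.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("Okta URL must be https://<your org host>")
    path = "/api/v1/users/" + urllib.parse.quote(login, safe="")
    return urllib.request.Request(
        f"https://{parts.netloc}{path}",
        headers={"Authorization": f"SSWS {token}",
                 "Accept": "application/json"},
    )


def check(okta_url, token, vpn_username, username_suffix=""):
    """Return (ok, message). Needs network access to the Okta org."""
    login = okta_login(vpn_username, username_suffix)
    req = build_lookup(okta_url, token, login)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            status = json.load(resp).get("status")
        return status == "ACTIVE", f"{login}: Okta status {status}"
    except urllib.error.HTTPError as err:
        hints = {401: "token rejected by Okta",
                 404: f"no Okta user named {login}"}
        return False, hints.get(err.code, f"HTTP {err.code} from Okta")
    except urllib.error.URLError as err:
        return False, f"cannot reach Okta: {err.reason}"
```

Call check("https://aviatrixdt.okta.com", token, "demoaviatrix", "aviatrix.com") with the token string from step 1.1 before saving the gateway; a (False, ...) result names which field to fix.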