Aviatrix VPN gateway supports Okta authentication as part of multi-factor authentication for OpenVPN® access. Following are the steps.
1.0 Log in into your Okta account as Super Admin. This allows the privilege to create a Token for API access by Aviatrix gateway.
2.0 If you have not created users for VPN access, go to “Directory” -‐> “People” to create an account for VPN user. In this example, the account name is firstname.lastname@example.org
3.0 At Aviatrix Controller, go to “Gateway” to create a gateway with “VPN Access” enabled. Select “Okta” for “Two-‐step Authentication” and enter Okta related fields as following:
URL: Your Okta account login URL. (For example, https://aviatrixdt.okta.com)
Token: Token string copied from Step 1.
Username Suffix (Optional): In this example, “aviatrix.com” was entered. If Username Suffix is provided, users should enter their account ID without the domain name when logging in from the VPN Client. For example, if your Okta account is email@example.com and “aviatrix.com” as Username Suffix, you should enter “demoaviatrix” as your VPN username when prompted for username by OpenVPN® Client. If Username Suffix is not provided, you must enter firstname.lastname@example.org, as shown below.
- 4.0 Enable MFA (Optional)
- Since Aviatrix Okta authentication uses API authentication, it uses the default sign on policy of Okta. If you have configured Multi factor Authentication in your Okta app (Security->Authentication->Sign On->Default Policy->Add rule->Prompt for factor), then during VPN login, the end user needs to append his 6 digit one time token to the password during authentication.
OpenVPN is a registered trademark of OpenVPN Inc.