Configure Cisco Meraki to interoperate with Okta using RADIUS
This guide details how to configure Cisco Meraki wireless access points to use the Okta RADIUS Server Agent and EAP-TTLS.
For details of the flow between Okta, the RADIUS agent, and Cisco Meraki, see Cisco Meraki RADIUS integration flow.
Contact Okta Support to have EAP-TTLS support enabled for your Okta org.
Before you begin
Before installing the Okta RADIUS Agent, ensure that you have met these minimum requirements for network connectivity:
Source | Destination | Port/Protocol | Description |
---|---|---|---|
Okta RADIUS Agent | Okta Identity Cloud | TCP/443 HTTP | Configuration and authentication traffic |
Client Gateway | Okta RADIUS Agent | UDP/1812 RADIUS (Default, may be changed in RADIUS app install and configuration) | RADIUS traffic between the gateway (client) and the RADIUS Agent (server) |
On using MFA with Cisco Meraki
Okta doesn't recommend using MFA with EAP-TTLS and it has been disabled by default in the Cisco Meraki RADIUS app policy.
While technically possible, MFA with EAP-TTLS may not work correctly due to:
- Timeout and retry configurations on the router and supplicants, which cause several push requests to be sent unless the end user accepts the first push notification quickly.
- Roaming between access points within a zone works as expected with static passwords, but will result in MFA re-prompts unless Pairwise Master Key caching and Opportunistic Key caching are correctly configured to prevent RADIUS re-authentication.
Typical workflow
Task | Description |
---|---|
Download the RADIUS agent | |
Install the Okta RADIUS Agent | |
Configure application | |
Configure optional settings | |
Configure gateway | |
Configure devices | |
Related topics
- Cisco Meraki RADIUS integration flow
- Troubleshoot Cisco Meraki integrations
- SAML vs RADIUS interoperability
- Installing the Okta RADIUS Agent under Windows or Linux.