Configure Cisco Meraki
Configure Cisco Meraki wireless access points to use Okta RADIUS Server agent and EAP-TTLS.
See Cisco Meraki RADIUS integration flow for a detailed explanation of the flow between Okta, the Okta RADIUS Server agent, and Cisco Meraki..
Contact Okta Support to have EAP-TTLS support enabled for your Okta org.
Before you begin
Meet the following network connectivity requirements before you install the Okta RADIUS agent:
| Source | Destination | Port/Protocol | Description |
|---|---|---|---|
| Okta RADIUS Agent | Okta Identity Cloud | TCP/443 HTTP |
Configuration and authentication traffic. |
| Client Gateway | Okta RADIUS Agent | UDP/1812 RADIUS (Default, you can change this when you install and configure the RADIUS app) | RADIUS traffic between the gateway (client) and the RADIUS agent (server). |
Limitations
Enroll only a single Okta Verify device. Adding more Okta Verify devices can cause undefined or unexpected behavior.
If you've migrated a RADIUS-configured org from Classic Engine and you configure the Okta Verify authenticator with the number challenge, the challenge may be presented to RADIUS users even though it's not supported. To prevent this, enable the Early Access feature Disable number matching challenge for RADIUS. See Manage Early Access and Beta features.
On using MFA with Cisco Meraki
Okta doesn't recommend using MFA with EAP-TTLS. It's disabled in the Cisco Meraki RADIUS app policy by default.
While technically possible, MFA with EAP-TTLS may not work correctly due to:
- Timeout and retry configurations on the router and supplicants that cause several push requests to be sent, unless the end-user accepts the first push notification quickly.
- Roaming between access points within a zone works with static passwords works as expected, but will result in MFA re-prompts unless Pairwise Master Key caching and Opportunistic Key caching are correctly configured to prevent RADIUS reauthentication.
Typical workflow
|
Task |
Description |
|---|---|
| Download the RADIUS agent | In the Admin Console, go to . Download the appropriate Okta RADIUS Agent for your environment. For throughput, availability and other considerations, see Okta RADIUS Server Agent Deployment Best Practices. |
| Install the agent | Install Okta RADIUS Server agent on Windows |
| Configure application | Configure the Cisco Meraki Wireless LAN (RADIUS) application. |
| Configure optional settings | Optional. Configure RADIUS to return group information using vendor-specific settings. |
| Configure gateway | Use the Meraki Admin Console configuration tool to configure Cisco Meraki for RADIUS integration. |
| Configure devices | Cisco Meraki supports a number of devices include Apple, Android, and Windows devices. Configure Cisco Meraki wireless clients. |