Test the F5 BIG IP integration

To test the integration:

Flow

There are two configuration tests for the flows, shown in the following network diagram.

The detailed web sequence is listed below and is illustrated in this diagram.

  1. User logs in with username/password
  2. Gateway receives data and forwards via RADIUS to Okta RADIUS Server Agent
  3. Okta RADIUS Server Agent sends to Okta Identity Cloud
  4. Okta Identity Cloud determines the authentication source and responds, or optionally forwards to the on-prem directory agent
  5. Optional: Directory Agent sends password to directory
  6. Optional: Directory confirms the password
  7. Optional: Directory Agent confirms the password to Okta Identity Cloud
  8. Okta Identity Cloud evaluates the authentication policy and, as required, sends a message to the Okta RADIUS Server Agent to challenge the user for a factor
  9. The Okta RADIUS Server Agent relays the challenge message to the Gateway
  10. The Gateway displays a message to the user to select a factor
  11. User supplies the desired factor
  12. Gateway receives data and forwards via RADIUS to Okta RADIUS Server Agent
  13. Okta RADIUS Server Agent sends to Okta Identity Cloud
  14. Okta Identity Cloud evaluates the choice and triggers the appropriate response (push message shown)
  15. Push message is received and responded to by the user
  16. Success message returned to the Okta RADIUS Server Agent
  17. Success message returned to the Gateway
  18. Connected
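The following is an added example, not code from Okta or F5, that simulates the flow above at the RADIUS message level so the round trips can be traced: the gateway sends an Access-Request with the password, the server answers with an Access-Challenge carrying an opaque State attribute, the gateway echoes that State with the chosen factor, and the server returns Access-Accept or Access-Reject. It also models the SMS/call behaviour noted in the test steps below (the first logon fails but triggers delivery of a code; a second logon with that code succeeds), a push that times out, and a forged or replayed State. The attribute names (User-Name, User-Password, State, Reply-Message) and the User-Password hiding routine follow RFC 2865; the directory, enrolled factors, codes and shared secret are constructed, and the policy logic is a hypothetical stand-in for the Okta RADIUS Server Agent and Okta Identity Cloud.

```python
"""Constructed simulation of the RADIUS challenge/response flow (added example,
not Okta's or F5's code). Attribute names follow RFC 2865; the policy logic is a
hypothetical stand-in for the Okta RADIUS Server Agent and Okta Identity Cloud."""
import hashlib
import os

DIRECTORY = {"alice@example.com": "correct horse battery staple"}  # constructed user
ENROLLED = {"alice@example.com": {"push", "sms", "totp"}}         # constructed factors
TOTP_CODE, SMS_CODE = "123456", "987654"                          # constructed codes
_pending: dict = {}      # server side: State token -> user awaiting a factor
_sms_sent: set = set()   # server side: users who have been sent an SMS/call code


def hide_password(password: str, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding: each 16-byte block is XORed with
    MD5(secret + previous ciphertext block), seeded with the Request Authenticator.
    This is obfuscation keyed by the shared secret, not strong encryption, which is
    why the gateway-to-agent leg belongs on a trusted or encrypted network."""
    padded = password.encode().ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], hashlib.md5(secret + prev).digest()))
        out += prev
    return out


def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> str:
    """Inverse of hide_password, as the RADIUS server performs it."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        prev = block
    return out.rstrip(b"\x00").decode()


def radius_server(request: dict, push_approved: bool = True) -> dict:
    """Stand-in for steps 2-8 and 13-16: primary auth, then factor challenge and check."""
    user, answer = request["User-Name"], request["User-Password"]
    if "State" not in request:                         # first leg: username/password
        if DIRECTORY.get(user) != answer:              # steps 3-7: directory check
            return {"Code": "Access-Reject",
                    "Reply-Message": "The username or password is not correct. Please try again."}
        token = os.urandom(16)                         # step 8: policy requires a factor
        _pending[token] = user
        return {"Code": "Access-Challenge", "State": token,
                "Reply-Message": "Select a factor: " + ", ".join(sorted(ENROLLED[user]))}
    if _pending.pop(request["State"], None) != user:   # State must match an open challenge
        return {"Code": "Access-Reject", "Reply-Message": "Unknown or expired challenge."}
    if answer in ("sms", "call"):                      # out-of-band keyword: deliver a code, fail this logon
        _sms_sent.add(user)
        return {"Code": "Access-Reject", "Reply-Message": "Code sent. Log in again with the code."}
    if answer == "push":                               # steps 14-15: user approves the push, or times out
        ok = push_approved
    elif answer == SMS_CODE:
        ok = user in _sms_sent                         # only valid after a delivery was triggered
        _sms_sent.discard(user)                        # a delivered code is single use
    else:
        ok = answer == TOTP_CODE
    if ok:
        return {"Code": "Access-Accept"}
    return {"Code": "Access-Reject",
            "Reply-Message": "The username or password is not correct. Please try again."}


def gateway_login(user: str, password: str, factor: str, push_approved: bool = True) -> dict:
    """Stand-in for the BIG-IP gateway (steps 1-2, 9-12, 17-18): forwards the password,
    then answers the challenge with the factor the user supplied, echoing State unchanged."""
    reply = radius_server({"User-Name": user, "User-Password": password})
    if reply["Code"] != "Access-Challenge":
        return reply
    return radius_server({"User-Name": user, "User-Password": factor,
                          "State": reply["State"]}, push_approved)


if __name__ == "__main__":
    user, pw = "alice@example.com", "correct horse battery staple"
    print("push        ->", gateway_login(user, pw, "push")["Code"])
    print("sms (1st)   ->", gateway_login(user, pw, "sms")["Code"])       # expected to fail, code is sent
    print("sms (2nd)   ->", gateway_login(user, pw, SMS_CODE)["Code"])    # succeeds with the delivered code
    print("push timeout->", gateway_login(user, pw, "push", push_approved=False)["Reply-Message"])
```

The State attribute is what ties the second Access-Request to the first: the gateway must return it byte for byte, and the server rejects any value it did not issue, so a factor response cannot be replayed against a challenge it does not belong to.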

Test with the BIG-IP Edge Client

  1. Open the BIG-IP Edge Client.
  2. Select the server, and enter your username, password, and factor (OTP value or out of band keyword), as shown below.

    Note: The username must be in the format you specified when you added the app in Okta in Part 2, above.

  3. Click Connect.
  4. Note: When using SMS or call, the first login fails, but triggers the delivery of a call or SMS code. Initiate another logon with that information. The image in step 2 shows the failure message. This is expected.

  5. After successfully completing the challenge you are connected, as shown below. If you entered an incorrect value or you take too long to respond to the push notification, you receive the message, "The user name or password is not correct. Please try again."

Test Clientless VPN with F5 web portal

  1. Navigate to the F5 portal.

  2. Select the server, and enter your username, password, and factor (OTP value or out of band keyword), as shown. The username must be in the format you specified when you added the app in Okta in Part 2, above.

  3. Click Logon.
  4. Note: When using SMS or call, the first login fails, but triggers the delivery of a call or SMS code. Initiate another login with that information.

  5. After successfully completing the challenge you are connected, as shown below. If you entered an incorrect value or take too long to respond to the push notification, you receive the message, "The username or password is not correct. Please try again. (error: Access-Reject)"