Configure the Sophos USM gateway
During this task we will configure Sophos USM to use the Sophos UTM RADIUS OIN app.
Steps
There are four parts to this configuration:
- Enable automatic user creation
- Configure a New Authentication Server
- Create a RADIUS Backend Group
- Allow group access to resources
Before you begin
- Ensure that you have the common UDP port and secret key values available.
Enable automatic user creation
- Sign in to the Sophos UTM Web Admin console with sufficient privileges.
- Navigate to Definitions & Users > Authentication Services, and then click Add to define a new RADIUS server.
- On the Global Settings tab check the box to Create users automatically, as shown below.
- In the Automatic User Creation for Facilities section, check the appropriate facilities for your environment, as shown above.
Recommendation: Select Client Authentication and End-User Portal.
Configure a New Authentication Server
- In the Sophos UTM Web Admin console, navigate to Definitions & Users > Authentication Services, and select the Servers tab. The screen shown below opens.
- Click the New Authentication Server... button.
- Enter the following information:
- Backend: RADIUS
- Position: Top
Server
- Name: Unique and appropriate name; for example OktaMFA
- Type: Host
- IPv4 address: IP address of the Okta RADIUS Server Agent
Advanced
- Interface: The appropriate interface for your environment
- Port: The UDP Port defined in Part 2, step 3, above; for example, 1815
- Shared Secret: The Secret Key defined in Part 2, step 3, above
Advanced
- Authentication timeout (sec): 60
- When done, click Save
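To check that the UDP port and shared secret entered above match what the Okta RADIUS Server Agent expects, the following added example (not part of the original page, and not Okta or Sophos code) builds an RFC 2865 Access-Request and verifies the reply's Response Authenticator against the shared secret. It assumes PAP authentication; the function names are hypothetical, and any host, user, or secret passed to it is supplied by you.

```python
import hashlib, hmac, os, socket, struct

def hide_password(password, secret, request_auth):
    """RFC 2865 section 5.2: hide a PAP password with the shared secret."""
    size = max(1, -(-len(password) // 16)) * 16   # pad to whole 16-byte blocks
    padded = password.ljust(size, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, size, 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def build_access_request(ident, user, password, secret, request_auth=None):
    """Return (packet, request_authenticator) for an Access-Request (code 1)."""
    request_auth = request_auth or os.urandom(16)
    hidden = hide_password(password, secret, request_auth)
    attrs = b""
    for typ, val in ((1, user), (2, hidden)):     # 1=User-Name, 2=User-Password
        attrs += struct.pack("!BB", typ, len(val) + 2) + val
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs))
    return header + request_auth + attrs, request_auth

def response_is_authentic(reply, request_auth, secret):
    """True when the Response Authenticator was computed with our secret."""
    if len(reply) < 20:
        return False
    length = struct.unpack("!H", reply[2:4])[0]
    if length < 20 or length > len(reply):
        return False
    expected = hashlib.md5(
        reply[:4] + request_auth + reply[20:length] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def probe(host, port, secret, user, password, timeout=60):
    """Send one Access-Request; return (reply_code, authentic).
    Reply codes: 2=Access-Accept, 3=Access-Reject, 11=Access-Challenge."""
    packet, request_auth = build_access_request(1, user, password, secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)                  # same 60 s as the UTM setting
        sock.sendto(packet, (host, port))
        reply, _ = sock.recvfrom(4096)
    return reply[0], response_is_authentic(reply, request_auth, secret)
```

A timeout from `probe` points to the wrong port, a firewall, or an agent that is not listening; a reply whose `authentic` value is `False` points to a shared secret that differs between the two sides.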
Create a RADIUS Backend Group
- In the Sophos UTM Web Admin console, navigate to Definitions & Users > Users & Groups, and select the Groups tab. The screen shown below opens.
- Click New Group….
- Enter the following information in the Add Group section:
- Group Name: Unique and appropriate name, such as Okta RADIUS Users
- Group Type: Backend Membership
- Backend: RADIUS
- Click Save to save the settings.
Allow group access to resources
- In the Sophos UTM Web Admin console, navigate to Remote Access, and select the desired connection method. The screen shown below opens.
- Click New HTML5 VPN Portal Connection... or use an existing connection.
- Add the group you created in Step 3 to the Users and Groups or Allowed Users (Userportal) list.