Bob Bent

Technology Partner News: Okta MFA for Check Point

Discussion created by Bob Bent Expert on Sep 13, 2018
Latest reply on Jan 30, 2019 by Christopher Rice

Happy to say that Okta has an Okta-certified RADIUS app and posted the integration guide with Check Point on their website. A RADIUS integration is perhaps a small thing, but one thing notable about the integration is this authentication setting: Accept password and security token in the same login request. When MFA is required in the Okta policy and this is enabled, then a user must add a comma to the end of their password, followed by their second factor keyword (such as a One-Time-Password from their Okta Verify app).



This is helpful in some Check Point cases where we don't support RADIUS access-challenge requests following the initial access-request to the RADIUS server. When there is an access-challenge, then our software needs to handle this in an interactive exchange with the user like in this example from our Remote Access VPN client.



Not all of our clients support this.


| Client | Supports Challenge-Response |
| --- | --- |
| Remote Access | Yes |
| Mobile Access | Yes |
| Captive Portal | Yes, in R80.20 |
| Gaia OS | No |


For those cases where you want MFA and our software doesn't currently support access-challenge, then this is a convenient way to do MFA via adding the second factor in the initial access-request to the RADIUS server.
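The single-request flow described in the post, as an added example that is not part of the original post and is not Okta or Check Point code: the combined `password,token` string travels in one RADIUS User-Password attribute, hidden as RFC 2865 section 5.2 specifies, and is split again on the server side. Splitting on the last comma is an assumption (the post does not say how Okta parses the value), and the secret, authenticator and credentials are constructed sample values.

```python
import hashlib


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_user_password(plain: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: RFC 2865 section 5.2 hiding of the User-Password attribute."""
    if not 1 <= len(plain) <= 128:
        # The attribute carries at most 128 bytes, and the second factor
        # appended after the comma counts against that limit.
        raise ValueError("User-Password must be 1..128 bytes")
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    padded = plain + b"\x00" * (-len(plain) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block  # each block is chained on the previous hidden block
    return out


def reveal_user_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RADIUS server side: reverse the hiding and strip the null padding."""
    if len(hidden) % 16 or not 16 <= len(hidden) <= 128:
        raise ValueError("hidden User-Password must be 16..128 bytes, multiple of 16")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")


def split_combined(value: str) -> tuple[str, str]:
    """Assumed parsing: split on the LAST comma so a password may contain commas."""
    password, sep, factor = value.rpartition(",")
    if not sep or not password or not factor:
        raise ValueError("expected '<password>,<second factor>'")
    return password, factor


def roundtrip(combined: str, secret: bytes, authenticator: bytes) -> tuple[str, str]:
    hidden = hide_user_password(combined.encode(), secret, authenticator)
    return split_combined(reveal_user_password(hidden, secret, authenticator).decode())
```

Because both factors ride in one Access-Request, no Access-Challenge round trip is needed, which is why this works for clients in the table that do not support challenge-response.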