Okta MFA

Hello Peplink team! I have a very exciting, high-profile client requesting Okta MFA. Their specific request is for when locally accessing a GUI by Ethernet. They’ll be utilizing the BR1 Mini Core, due to their security requirements. Is this something we can work on for them?

3 Likes

Why not an SFE/BR2 mini? You can do better than that :smiley:

Are you talking about the admin dashboard of the device?

In transparency, I work for Okta as a Product Manager, not the team responsible for MFA or integrations, but I have knowledge of what would be required.

There are a number of ways to solve this:

  1. The Peplink device would be “an app” in the Okta ecosystem - SAML or OIDC. MFA could then be configured as part of the Authentication Policy. (This is the preferred way.)

  2. The customer could deploy an Okta RADIUS Listener within their environment - and that RADIUS endpoint would effectively be another app in the customer ecosystem, enabling them to use Authentication Policy. In this scenario Peplink would just be using RADIUS. Because it's RADIUS, it would be limited to certain factors. You would not be able to use things like YubiKey, passkeys, WebAuthn or FastPass.

  3. Some vendors have built custom integrations using Okta APIs. The integration for that would involve generating a service account and embedding that into the integration on the Peplink side. (This is the least preferred way.)

1 Like

Eric, yes exactly. Thanks for the very thorough instructions, I really appreciate that.

If you mean to secure the BR1 Mini Core devices with Okta, set up a RADIUS app in Okta, add that RADIUS info to the device, then set the admin login to use that server.

You can use it for remote user VPN as well with Peplink, but you need a much larger device.

And then you can also use Okta RADIUS (or LDAP) with the built-in captive portal to secure access to the network through a BR1 Mini Core.