The Foxpass Developer Hub

Welcome to the Foxpass developer hub. You'll find comprehensive guides and documentation to help you start working with Foxpass as quickly as possible, as well as support if you get stuck.

Get Started    API Reference

Okta / Foxpass password delegation

This describes how to set up Foxpass to delegate password verification to Okta.

1. Create a new Okta user

It's under "Admin", then "Directory", then "Add Person".

Add a user named "Foxpass"

2. Make that user an admin

Go to "Admin", then "Security", then "Administrators". Give the "Foxpass" user Read-Only Admin rights. If you would like to keep 2FA on for requests from Foxpass, give the user Group Admin rights instead.

3. Get that user's API key

Log into Okta as the Foxpass user we created in step 1. Generate an API key using the instructions from http://developer.okta.com/docs/api/getting_started/getting_a_token.

4. Put that API key into Foxpass

Go to the Foxpass 'Authentication Settings' page. Scroll down to "Password authentication delegation". Enable it, and choose Okta.

Enter your Okta site's URL and the API key you generated above.

5. Add 2-factor exemption

Okta's two-factor is compatible with Foxpass's LDAP interface. If you plan to use Foxpass's Cloud RADIUS interfaces, then using 2FA is not recommended because users will be prompted to verify 2FA at least every hour, and possibly every time the user connects to a new access point.

To disable Okta's MFA you need to add our outbound IP addresses to be "in-zone" in Okta.

First, go to the Networks page under the Security header in the admin interface. Add our Okta endpoints to be in an IP zone:
52.5.197.216
35.153.22.124
35.168.179.228
18.206.75.69
52.55.180.22
35.153.120.184

Then, go to the Authentication section under the Security header and select the Sign On tab. Now, add an exemption to any two-factor policy the IP zone you used previously. You can do this by selecting your MFA rule and setting "IF User's IP is: Not In Zone" and selecting the zone you added Foxpass's IP's to. Then you're all good to go!

Okta / Foxpass password delegation


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.