Reviewing your Okta logs for a tenant, you observe many Deny entries for the IP address where the Okta RADIUS agent is installed.
Cause
Okta ThreatInsight blocks all connections where requests appear suspicious, and no network zone exemption has been configured for the IP address of the Okta RADIUS agent.
Resolution
Add the RADIUS agent's IP address as an exempt network zone for Okta ThreatInsight:
Deep Link (recommended) or log in to the Okta Admin Console and navigate to Security > Networks.
Click Add Zone > IP Zone.
Provide a meaningful Name for the zone, such as "RADIUS Agent".
Enter the IP address to allow and click Save.
Navigate to Security > General, scroll down to Okta ThreatInsight settings, and click Edit.
Under Exempt Zones, add the network zone you just created.
Click Save.
Note that it can take up to 40 minutes for the IP to propagate in Okta, though it is typically updated much faster. For more information on managing blocked IPs in ThreatInsight, see How to Unblock an IP Address that is Blocked by ThreatInsight. 
If the steps above do not resolve the issue, contact ZeroTek Support at [email protected].