Amazon WorkSpaces app configuration
During this task we will add the Amazon WorkSpaces app and then assign the app to groups.
Before you begin
- Ensure that you have the required common UDP port and secret key values available.
- In the Admin Console, go to .
- Click Browse App Catalog.
- Search for Amazon WorkSpaces, select it, and then click Add Integration.
- Enter a unique application label and click Next.
- In the Sign On tab do the following:
- Clear the Authentication checkbox.
- Enter a UDP Port (for example, 1812). The UDP port values of the app and the client gateway must match.
- Enter the Secret Key to use to encrypt the user password. The secret key for the app and the client gateway must match.
- Select an appropriate username format from the Application username format dropdown list.
- To enable authentication with AD UPN or AD Sam account name:
- Select the Sign On tab.
- Scroll to the Advanced RADIUS Settings section.
- Click Edit.
- In the Authentication section, select Enable UPN or SAM Account Name Login.
When you enable this setting, users that are assigned this application must have their username set to the AD user principal name prior to being assigned the RADIUS application.
For the SAM Account Name to be used successfully, it must have the same prefix as the UPN.
- Click Save.
- Scroll to the Settings section of the Sign On tab.
- Click Edit.
- Select Email from the Application username format dropdown list to import users are imported with their full firstname.lastname@example.org value.
- Click Save.
- Click Done when complete.
Assign app to groups
- Select the Assignments tab.
- Click Assign and select Assign to Groups.
- Locate the group you want to assign the app to and click Assign.
- Complete the fields in the Assign Amazon Workspaces to Groups dialog.
- Click Save and go back. The Assigned button for the group is disabled to indicate the app is assigned to the group.
- Optional. Assign the app to additional groups by repeating steps 3 through 5.
- Click Done.
For additional information, including guidance on advanced authentication and adaptive multifactor configuration options, see Using the Okta RADIUS App.
Configure MFA factors
- Click Security > Multifactor.
- Select Factor Types tab.
- For each factor being enabled,
- Select the factor, for example Okta Verify.
- Select Activate in the Inactive/Activate drop down.
Note: For active factors this drop down includes Active/deactivate values.
- Configure factor specific settings as appropriate.
- Select the Multifactor tab.
- Click Add Multifactor Policy.
- Name the policy appropriately.
- In Assign to Groups, enter everyone and then click Add.
- For Okta Verify select Required.
- Click Create Policy.
Note; Okta recommends that at a Minimum Okta Verify be specified.
After adding a policy you are directed to Add Rule automatically. You need not add a rule at this time.