Add the Amazon WorkSpaces app

This topic describes how to add the Amazon WorkSpaces app and then assign it to groups.

Before you begin

Ensure that you have the required common UDP port and secret key values available.

Add the app

  1. In the Admin Console, go to ApplicationsApplications.
  2. Click Browse App Catalog.
  3. Search for and select Amazon Workspaces, and then click Add Integration.
  4. Enter a unique app label, and then click Next.
  5. Select the Sign-On Options tab, and then do the following actions:
    1. Select the Okta performs primary authentication checkbox.
    2. UDP Port: Enter a port number, like 1812. The UDP port values of the app and the client gateway must match.
    3. Secret Key: Enter the secret key that's used to encrypt the user password. The secret key for the app and the client gateway must match.
    4. Application username format: Select an appropriate username format from the dropdown list.
    5. Update application username on: Determine when the username is updated in the app. You can update it when it's created, or when it's created and updated.
  6. Enable an authentication protocol:
    1. Scroll to the Authentication Protocol section of the Sign On tab.
    2. Click Edit.
    3. Select an authentication protocol:
      • Use EAP-TTLS authentication: Upload the server certificate chain and entity private key. See About certificates. Enter the password used to protect the certificate and key. Okta recommends password-protecting certificates and keys. Select the Transport Layer Security (TLS) version.
      • Use PAP authentication: Select this option to use Password Authentication Protocol (PAP) authentication. When you select this option, the Require Message-Authenticator for incoming client requests checkbox appears. Select this option to require and verify the Message-Authenticator attribute and create a more secure authentication process.
    4. Click Save.

Assign the app to groups

  1. On the app page, click the Assignments tab.
  2. Click AssignAssign to Groups.
  3. Find the group that you want to assign the app to and click Assign.
  4. Repeat for any additional groups.
  5. Click Done.

For additional information, including guidance on advanced authentication and adaptive multifactor configuration options, see Using the Okta RADIUS App.

Configure the MFA factors

  1. In the Admin Console, go to SecurityMultifactor.

  2. Select the Factor Types tab.
  3. Do these steps for each factor that you want to enable:
    1. Select the factor, for example, Okta Verify.
    2. If a factor is inactive, Inactive appears. Click Inactive and then select Activate. If a factor is active, Active appears. Continue to the next step.
    3. Configure the factor. See MFA factor configuration.

    At minimum, activate and configure Okta Verify.

  4. Select the Factor Enrollment tab.
    1. Click Add Multifactor Policy.
    2. Enter a name for the policy.
    3. In Assign to groups, start entering the word Everyone, and then select it when it appears.
    4. Select Required from the dropdown menu beside each factor that you want to activate.
    5. Click Create policy. The Add Rule page appears. See Configure an MFA enrollment policy.