Add the Amazon WorkSpaces app

This topic describes how to add the Amazon WorkSpaces app and then assign it to groups.

Before you begin

Ensure that you have the required common UDP port and secret key values available.

Add the app

  1. In the Admin Console, go to Applications > Applications.
  2. Click Browse App Catalog.
  3. Search for AWS WorkSpaces, select it, and then click Add Integration.
  4. Enter a unique app label, and then click Next.
  5. Select the Sign-On Options tab, and then do the following actions:
    • Select the Authentication checkbox.
    • Enter a UDP Port number, such as 1812. The UDP port values of the app and the client gateway must match.
    • Enter the Secret Key to use to encrypt the user password. The secret key for the app and the client gateway must match.
    • Select Email from the Application username format dropdown list to import users with their full username@domain.com value.
  6. Click Save in the Settings section.
  7. Enable EAP-TTLS authentication:
    1. Scroll to the Authentication Protocol section of the Sign On tab.
    2. Click Edit.
    3. Select Use EAP-TTLS authentication.
    4. Upload the server certificate chain and entity private key. See About certificates.
    5. Enter the password used to protect the certificate and key. Okta recommends password-protecting certificates and keys.
    6. Select the TLS version.
    7. Click Save.

Assign the app to groups

  1. Select the Assignments tab.
  2. Click Assign and select Assign to Groups.
  3. Locate the group that you want to assign the app to and click Assign.
  4. Complete the fields in the Assign Amazon Workspaces to Groups dialog.
  5. Click Save and go back. The Assigned button for the group is disabled to indicate the app is assigned to the group.
  6. Optional. Assign the app to more groups by repeating steps 3 through 5.
  7. Click Done.

For additional information, including guidance on advanced authentication and adaptive multifactor configuration options, see Using the Okta RADIUS App.

Configure MFA factors

  1. In the Admin Console, go to Security > Multifactor.

  2. Select the Factor Types tab.
  3. For each factor that you want to enable, do the following:
    1. Select the factor, for example Okta Verify.
    2. Select Activate in the Inactive/Activate dropdown menu.

      Note: For active factors, this dropdown menu includes Active/deactivate values.

    3. Configure factor-specific settings as appropriate.

    At minimum, enable and configure Okta Verify.

  4. Select the Multifactor tab.
    1. Click Add Multifactor Policy.
    2. Name the policy appropriately.
    3. In Assign to Groups, enter everyone and then click Add.
    4. For Okta Verify select Required.
    5. Click Create Policy.

    After adding a policy you're directed to Add Rule automatically.