After mapping Amazon Web Services (AWS) role groups to entitlements, you need to assign all AWS management groups to the AWS app in Okta. If you have provisioning enabled and you can't assign a management group, disable provisioning and then assign all AWS management groups to the AWS app in Okta.
In the Admin Console, go to Applications > Applications.
- Enter AWS in the Search field.
- Click AWS Account Federation and click the Assignments tab.
Click Assign > Assign to Groups.
- For each AWS management group, click Assign.
- Click Done.
Users are automatically assigned to AWS and can access the entitlements you defined.
- Verify that users can access AWS from their Okta Dashboard and sign-on works as expected.