Configure the Amazon Web Services app in Okta

The Amazon Web Services (AWS) app integration does not support provisioning. The setup under the Provisioning tab is required to give Okta API access so it can download the list of AWS roles that you assign during user assignment. The AWS app integration enables you to assign multiple roles to users and pass those roles in the SAML assertion.

  1. On the Okta Admin Console, click Applications.

  2. Enter AWS in the Search field.
  3. Click AWS Account Federation and click the Sign On tab.
  4. Click Edit in the Settings section.
  5. In the Advanced Sign-On Settings area, complete these fields:

  6. Click Save.
  7. Click the Provisioning tab and then click Enable API Integration.
  8. Select the Enable API Integration check box and complete these fields:
  9. Optional. Click Test API Credentials to verify that the API credentials are working.
  10. Click Save.
  11. In the Provisioning to App section, click Edit and select the Enable check box for Create Users.
  12. Click Save.
  13. Click the Assignments tab, then click Assign > Assign to People.
  14. Select a user, click Assign, accept the default user name or enter a user name, select roles, and then click Save and Go Back.

If you see the attribute IdP and Role Pairs (internal attribute), ignore it. It is an internal attribute and doesn't affect user assignment.

  15. Optional. Repeat the previous step to add additional users.
  16. Click Done.
  17. Log in to your Okta org as the test user and then click the AWS app.
  18. Select a role and click Sign In.
  19. Make sure there are no errors and that sign-in is successful.
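The roles that Okta assigns are passed to AWS in the SAML assertion as values of the attribute `https://aws.amazon.com/SAML/Attributes/Role`, each in the form `role_arn,provider_arn`. The following added example (not code from Okta or AWS) shows how an engineer can inspect a decoded assertion and confirm that every role pair points at the expected AWS account before trusting the sign-in; the assertion, account ID and role names are constructed samples.

```python
"""Extract and sanity-check the AWS role pairs carried in a SAML assertion."""
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"

# Constructed sample assertion (account ID and role names are placeholders).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
      <saml:AttributeValue>arn:aws:iam::123456789012:role/ReadOnly,arn:aws:iam::123456789012:saml-provider/Okta</saml:AttributeValue>
      <saml:AttributeValue>arn:aws:iam::123456789012:saml-provider/Okta,arn:aws:iam::123456789012:role/Admin</saml:AttributeValue>
      <saml:AttributeValue>arn:aws:iam::999999999999:role/Admin,arn:aws:iam::123456789012:saml-provider/Okta</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def account_of(arn: str) -> str:
    """Return the account ID of an IAM ARN (arn:partition:service:region:account:resource)."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "iam":
        raise ValueError(f"not an IAM ARN: {arn!r}")
    return parts[4]


def role_pairs(assertion_xml: str, expected_account: str):
    """Split the Role attribute into (role_arn, provider_arn) pairs.

    AWS accepts the two ARNs in either order, so the role is identified by its
    'role/' resource prefix. Pairs whose role or provider sits outside
    expected_account are returned separately so they can be logged and reviewed.
    """
    root = ET.fromstring(assertion_xml)
    accepted, rejected = [], []
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") != ROLE_ATTR:
            continue
        for value in attr.iterfind("saml:AttributeValue", NS):
            arns = [a.strip() for a in (value.text or "").split(",")]
            roles = [a for a in arns if a.split(":", 5)[-1].startswith("role/")]
            providers = [a for a in arns if a not in roles]
            if len(arns) != 2 or len(roles) != 1 or len(providers) != 1:
                rejected.append(value.text)
                continue
            role_arn, provider_arn = roles[0], providers[0]
            if account_of(role_arn) == expected_account == account_of(provider_arn):
                accepted.append((role_arn, provider_arn))
            else:
                rejected.append(value.text)
    return accepted, rejected
```

Running `role_pairs(SAMPLE_ASSERTION, "123456789012")` accepts the two pairs in the expected account and flags the one whose role belongs to a different account, which is the case a reviewer wants to catch before it reaches the role-selection screen.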
