Generate the AWS API access key

In the AWS master account, you need to create an AWS user with specific permissions so Okta can dynamically fetch a list of available roles from your accounts. This makes assigning users and groups to specific AWS roles easy and secure for administrators.

  1. On the AWS Management Console, click Users in the left pane and then click Add user.

  2. Enter a user name in the User name field. For example, OktaSSOuser.

  3. Select Programmatic access for Access type and then click Next: Permissions.

  4. Click Attach existing policies directly and then Create policy.

    The Create policy page opens in a new browser tab.

  5. Click the JSON tab.

  6. Delete the existing code in the JSON tab and replace it with the following code:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "iam:ListRoles",
            "iam:ListAccountAliases"
          ],
          "Resource": "*"
        }
      ]
    }

  7. Click Review policy.

  8. Enter a name and optional description for the policy. For example, OktaMasterAccountPolicy.

  9. Click Create Policy.

    The app returns you to the first browser tab where you can continue assigning policies to your IAM user.

  10. Click the first IAM Management Console browser tab.

  11. Make sure that Attach existing policies directly is selected.

  12. Click the Refresh button, enter the name of the policy you created in the search field, and select the policy.

  13. Click Next: Tags.

  14. Optional. Add descriptive tags for the user and click Next: Review.

  15. Click Create user.

  16. Copy the keys in the Access key ID and Secret access key columns and click Close. You'll need these keys to complete the configuration.

    This is the only time that you can view and copy the keys.
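
Because the access key created in this procedure is long-lived, it is worth confirming that the policy attached to the user grants only the two actions from step 6. The following Python check is an added example, not Okta or AWS code: `audit_policy`, `EXPECTED` and the `BROAD_POLICY` sample are names and data constructed for this illustration, and it inspects only the Effect, Action and NotAction elements of a policy document.

```python
import fnmatch
import json

# The two actions the policy in step 6 grants.
EXPECTED = ("iam:ListRoles", "iam:ListAccountAliases")

def as_list(value):
    """IAM accepts either a single item or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json):
    """Return findings; an empty list means the policy grants exactly EXPECTED."""
    findings, covered = [], set()
    for stmt in as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # a Deny statement cannot widen access
        if "NotAction" in stmt:
            findings.append("Allow with NotAction grants every action not listed")
        for action in as_list(stmt.get("Action")):
            # IAM action names are case-insensitive; * and ? are wildcards.
            hits = {e for e in EXPECTED
                    if fnmatch.fnmatchcase(e.lower(), action.lower())}
            covered |= hits
            if not hits:
                findings.append(f"unexpected action: {action}")
            elif action.lower() not in (e.lower() for e in EXPECTED):
                findings.append(f"wildcard broader than needed: {action}")
    for e in EXPECTED:
        if e not in covered:
            findings.append(f"missing action: {e}")
    return findings

# Policy from step 6 of this page.
PAGE_POLICY = """{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": ["iam:ListRoles", "iam:ListAccountAliases"], "Resource": "*"}]}"""

# Constructed over-broad variant, for comparison only.
BROAD_POLICY = """{"Version": "2012-10-17", "Statement": {"Effect": "Allow",
  "Action": "iam:*", "Resource": "*"}}"""

if __name__ == "__main__":
    for name, doc in (("page", PAGE_POLICY), ("broad", BROAD_POLICY)):
        print(name, audit_policy(doc) or "OK")
```

To check the policy you actually created, pass the JSON shown on its Permissions tab in the IAM console to `audit_policy`.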
