Amazon Workspace App

The Amazon Workspace appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. allows use of the Okta RADIUS agentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations. for two-factor authentication on Amazon Workspace or Workdocs account(s). End-users can sign into AWS with any supported factor they have registered with Okta.


Adding the Amazon Workspace App

Adding the RADIUS app is like adding any other app in Okta.

  1. From Applications menu, choose Applications.

  2. On the Applications page, click the Add Application button.

  3. In the left-side search field, enter the keyword Amazon.

  4. From the resulting list, choose Amazon Workspace by clicking the Add button.

Note: If you plan to have more than one app instance, you'll need to change the name for each one. You can change the name later under the General tab.

  1. Follow the prompts to complete app creation.

Adding App Properties

Once created, you'll land on the app's page.

  1. Click the Sign On tab.

  1. Go through the configuration, noting the following elements under Settings:
  • UDP Port: Each RADIUS app has a unique number. Enter it in this required field.
  • Secret Key: In this required field, enter the secret key that will be used to encrypt and decrypt the user password. This key must be identical to what is configured on the VPN server.
  • Application username format: Use this drop down to specify the username format for users authenticating to Amazon Workspaces.

Sign on Policy

A default rule exists for the app to allow access to anyone assigned the app from anywhere. Click the Add Rule button to change and add to the default rule.