Amazon Workspace App
The Amazon Workspace app allows use of the Okta RADIUS agent for two-factor authentication on Amazon Workspace or Workdocs account(s). End users can sign in to AWS with any supported factor they have registered with Okta.
- You must have the RADIUS agent installed and configured. For details on installing the agent, see Installing the RADIUS Agent.
Adding the Amazon Workspace App
Adding the RADIUS app is like adding any other app in Okta.
- From the Applications menu, choose Applications.
- On the Applications page, click the Add Application button.
- In the left-side search field, enter the keyword Amazon.
- From the resulting list, choose Amazon Workspace by clicking the Add button.
  Note: If you plan to have more than one app instance, you'll need to change the name for each one. You can change the name later under the General tab.
- Follow the prompts to complete app creation.
Adding App Properties
Once the app is created, you'll land on the app's page.
- Click the Sign On tab.
- Go through the configuration, noting the following elements under Settings:
  - Authentication: This check box is disabled by default because Amazon Workspace apps do not require primary authentication; they perform primary authentication through the Amazon directory service.
  - UDP Port: Each RADIUS app has a unique port number. Enter it in this required field.
  - Secret Key: In this required field, enter the secret key that will be used to encrypt and decrypt the user password. This key must be identical to what is configured on the VPN server.
  - Application username format: Use this drop-down list to specify the username format for users authenticating to Amazon Workspaces.
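
The Secret Key requirement above can be seen in a short sketch. This is an added example, not Okta's or Amazon's code; it assumes the standard RADIUS User-Password hiding from RFC 2865 section 5.2, and the secrets, authenticator and password are constructed sample values.

```python
import hashlib


def _blocks(data: bytes):
    """Split data into 16-byte blocks (the MD5 digest size)."""
    return [data[i:i + 16] for i in range(0, len(data), 16)]


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Sending side: hide User-Password as described in RFC 2865 section 5.2."""
    if not 1 <= len(password) <= 128 or len(authenticator) != 16:
        raise ValueError("password must be 1-128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)  # pad to a 16-byte multiple
    hidden, prev = b"", authenticator
    for block in _blocks(padded):
        mask = hashlib.md5(secret + prev).digest()  # mask depends on the shared secret
        prev = bytes(p ^ m for p, m in zip(block, mask))
        hidden += prev  # each hidden block keys the mask for the next one
    return hidden


def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Receiving side: undo the hiding with the locally configured secret."""
    if len(hidden) % 16 or not 16 <= len(hidden) <= 128 or len(authenticator) != 16:
        raise ValueError("hidden value must be 16-128 bytes in 16-byte blocks")
    clear, prev = b"", authenticator
    for block in _blocks(hidden):
        mask = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return clear.rstrip(b"\x00")  # drop the padding


def demo():
    """Constructed values; a real Request Authenticator is random per request."""
    authenticator = bytes(range(16))
    password = b"correct horse battery"
    hidden = hide_password(password, b"constructed-secret-A", authenticator)
    same = recover_password(hidden, b"constructed-secret-A", authenticator)
    other = recover_password(hidden, b"constructed-secret-B", authenticator)
    return hidden, same, other


if __name__ == "__main__":
    hidden, same, other = demo()
    print("hidden on the wire:", hidden.hex())
    print("matching secret   :", same)
    print("mismatched secret :", other)
```

A mismatched secret does not produce a distinct error in this scheme: the receiver simply recovers the wrong bytes, so it surfaces as a failed password check.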
Sign on Policy
A default rule exists for the app to allow access to anyone assigned the app from anywhere. Click the Add Rule button to change or add to the default rule.