Amazon Workspace App


AWS Workspaces (AWSW) supports RADIUS for MFA authentication.

The Amazon Workspace appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. allows use of the Okta RADIUS agentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations. for multi-factor authentication on Amazon Workspaces. End-users can sign into Amazon Workspaces using factors registered with Okta. This integration shows how to configure AWS Workspaces using Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. to support authentication using Okta MFA and Okta Verify Push..

Amazon Workspaces and Okta MFA over RADIUS architecture
Amazon Workspace and Okta MFA over RADIUS architecture


  • Amazon Web Services instances, configured as:
  • AWS Directory Service instance, configured and pointing to Instance A, running Active Directory.
    Note: You must have the Directory ID of the AWS Directory Service. The Directory ID is used to determine the name of the Security Group.

Note: The AWS Directory service will require the private IP address of Instance B to delegate the MFA challenge over RADIUS. If that private IP changes the AWS Directory MFA configuration must be updated to reflect the new private IP.