Amazon Workspace App

Overview

AWS Workspaces (AWSW) supports RADIUS for MFA authentication.

The Amazon Workspace app allows use of the Okta RADIUS agent for multi-factor authentication on Amazon Workspaces. End-users can sign into Amazon Workspaces using factors registered with Okta. This integration shows how to configure AWS Workspaces using Active Directory to support authentication using Okta MFA and Okta Verify Push..

Amazon Workspaces and Okta MFA over RADIUS architecture
Amazon Workspace and Okta MFA over RADIUS architecture

Prerequisites

  • Amazon Web Services instances, configured as:
    • Instance A - represents the Amazon Directory Service virtual machine instance.
    • Instance B - represents the Windows 2012r2 host where the Okta RADIUS agent will be installed.
      The AWS Directory Service will require the private IP address of Instance B to delegate the MFA challenge over RADIUS..
  • AWS Directory Service instance, configured and pointing to Instance A, running Active Directory.
    Note: You must have the Directory ID of the AWS Directory Service. The Directory ID is used to determine the name of the Security Group.

Note: The AWS Directory service will require the private IP address of Instance B to delegate the MFA challenge over RADIUS. If that private IP changes the AWS Directory MFA configuration must be updated to reflect the new private IP.