Amazon WorkSpaces app configuration
During this task we will add the Amazon WorkSpaces app and then assign the app to groups.
Before you begin
- Ensure that you have the required common UDP port and secret key values available.
Amazon WorkSpaces typically used port 1899 vs the default.
- In Okta, navigate to Applications > Applications > Browse App Catalog, search for Amazon WorkSpaces.
- Click the applications name and then click Add.
- Enter a unique Application label and then click Next.
- In the Sign On tab provide the following:
Cleared (not checked).
UDP Port Required. Typically 1812. Enter the RADIUS application UDP port. Secret Key
Required. Enter the secret key that will be used to encrypt and decrypt the user password.
Must be identical to that used during the gateway configuration.
Application username format From the drop-down, select the appropriate username format.
The UDP Port and Secret key must match between the app, and the client gateway.
- To enable Authentication With AD UPN or AD Sam Account Name:
- if required, select the Sign-on tab.
- Scroll to the Advanced RADIUS Settings > Authentication section.
- Click Edit.
- Check Enable UPN or SAM Account Name Login.
When enabling this setting users assigned this application are required to have their username set to the AD user principal name prior to user assignment to the RADIUS application.
- Click Save.
- On the Sign-on tab scroll to Settings.
- Click Edit.
- From the Application username format select Email, so that users are imported with their full email@example.com value.
- Click Save.
- Click Done when complete.
- Ensure the Assignments tab is selected.
- Click Assign and select Assign to Groups.
- Locate the group you want to assign the application to and click Assign.
- Complete the fields in the Assign Amazon Workspaces to Groups dialog.
Click Save and go back.
The Assigned button for the group is disabled to indicate the application is assigned to the group.
- Optional. Repeat steps 5, 6, and 7 to assign the application to additional groups.
- Click Done.
For additional information, including guidance on advanced authentication and adaptive multifactor configuration options, see Using the Okta RADIUS App.
- Click Security > Multifactor.
- Select Factor Types tab.
- For each factor being enabled,
- Select the factor, for example Okta Verify.
- Select Activate in the Inactive/Activate drop down.
Note: For active factors this drop down includes Active/deactivate values.
- Configure factor specific settings as appropriate.
- Select the Multifactor tab.
- Click Add Multifactor Policy.
- Name the policy appropriately.
- In Assign to Groups, enter everyone and then click Add.
- For Okta Verify select Required.
- Click Create Policy.
Note; Okta recommends that at a Minimum Okta Verify be specified.
After adding a policy you are directed to Add Rule automatically. You need not add a rule at this time.