Amazon WorkSpaces with MFA User Experience

The Amazon Workspace with MFA end user experience should be similar to the original client experience before integrating with RADIUS. However end users will now be prompted for an additional validation factor after the login with their normal credentials.

The following describes the user experience once integration with RADIUS is complete.

Topics

• Okta MFA enrollment
• AWS Workspace + Okta MFA Challenge

 

Okta MFA enrollment

1. End user receives an activation link in the inbox.
   

Note: you can fully customize the email template from Okta admin console.

2. When a user clicks on the activation link they are directed to the onboarding page:
   

3. When a user clicks on the activation link they are directed to the onboarding page:
   

4. User can click on Configure factor and select a mobile OS::
   

5. User downloads Okta Verify app on their mobile device. Opens the app and scans the barcode displayed on the laptop:
   

6. Okta Verify self-enrollment is complete when user clicks on Finish
   User may choose to configure additional factors.
   

Note: When complete the user is redirected to the Okta dashboard.

AWS Workspace + Okta MFA Challenge

1. Once Okta MFA is enabled within the AWS Workspace, end users will see a MFA field on their workspace sign in page similar to:
   

2. The MFA code can be used in 2 ways:

   1. You can enter the Okta Verify OTP that is displayed on your enrolled mobile phone in Okta Verify App.
      Click on your username in the mobile app to display the OTP. If you enter username+password and Okta Verify OTP as MFA code, you'll be signed in automatically.
      

   2. You can enter push as value.
      If you enter username+password and push as MFA code: you will receive a push notification on your enrolled mobile phone. Once you approve, you'll be signed in automatically in your workspace instance.