Amazon Workspaces with MFA User Experience

The Amazon Workspace with MFA end-user experience should be similar to the original client experience before integrating with RADIUS. However, end users are now prompted for an extra validation factor after they sign in with their normal credentials.

The following describes the user experience once integration with RADIUS is complete.

Okta MFA enrollment

  1. End user receives an activation link in their inbox.

    MFA Enrollment welcome email.

    Note: you can fully customize the email template in the Admin Console.

  2. When a user clicks the activation link they're directed to the onboarding page:

    MFA Onboarding.

  3. When a user clicks the activation link they're directed to the onboarding page:

    MFA Onboarding.

  4. User can click Configure factor and select a mobile OS:

    MFA Onboarding.

  5. User downloads the Okta Verify app on their mobile device. The user opens the app and scans the QR code displayed on their monitor:

    MFA Onboarding. MFA Onboarding.

  6. Okta Verify self-enrollment is complete when user clicks Finish. User can choose to configure other factors.

    MFA Onboarding.

    Note: When complete, the user is redirected to the Okta dashboard.

AWS Workspace + Okta MFA Challenge

  1. After Okta MFA is enabled within the AWS Workspace, end users see an MFA field on their workspace sign-in page similar to:

  2. The MFA code can be used in two ways:

    1. You can enter the Okta Verify OTP that is displayed on your enrolled mobile phone in the Okta Verify app. Click your username in the mobile app to display the OTP. If you enter username+password and Okta Verify OTP as your MFA code, you'll be signed in automatically.

    2. You can enter push as value. If you enter username+password and push as your MFA code, you'll receive a push notification on your enrolled mobile phone. After you approve, you'll be signed in automatically to your workspace instance.