Configure Amazon WS Workspace to interoperate with Okta via RADIUS
AWS Workspaces (AWSW) supports RADIUS for MFA authentication.
The Amazon Workspace app allows use of the Okta RADIUS agent for multi-factor authentication on Amazon Workspaces. End users can sign in to Amazon Workspaces using factors registered with Okta. This integration shows how to configure AWS Workspaces using Active Directory to support authentication using Okta MFA and Okta Verify Push.
Topics
- Before you begin
- Configure Amazon WS Workspace to interoperate with Okta via RADIUS
- Typical workflow
Before you begin
Before installing the Okta RADIUS Agent, ensure that you have met these minimum requirements for network connectivity:
Source | Destination | Port/Protocol | Description |
---|---|---|---|
Okta RADIUS Agent | Okta Identity Cloud | TCP/443 HTTP | Configuration and authentication traffic |
Client Gateway | Okta RADIUS Agent | UDP/1812 RADIUS (Default, may be changed in RADIUS app install and configuration) | RADIUS traffic between the gateway (client) and the RADIUS Agent (server) |
In addition, you must configure Amazon Web Services as:
- Amazon Web Services instances, configured as:
- AWS Directory Service instance, configured and pointing to Instance A, running Active Directory.

Note: You must have the Directory ID of the AWS Directory Service. The Directory ID is used to determine the name of the Security Group.

Note: The AWS Directory Service requires the private IP address of Instance B to delegate the MFA challenge over RADIUS. If that private IP changes, the AWS Directory MFA configuration must be updated to reflect the new private IP.
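The note above ties the directory's MFA configuration to the private IP of Instance B, so a re-addressed agent host silently breaks the RADIUS challenge. The following is an added example (not Okta or AWS code) that checks for that drift over dicts shaped like the boto3 `describe_directories` and `describe_instances` responses; the directory ID, instance ID, and IP addresses are constructed placeholders.

```python
# Added example: detect drift between the AWS Directory Service RADIUS (MFA)
# settings and the current private IP of the RADIUS agent host (Instance B).
# Inputs are dicts shaped like boto3's ds.describe_directories() and
# ec2.describe_instances() responses. All IDs and IPs here are constructed.

DEFAULT_RADIUS_PORT = 1812  # default port from the requirements table


def agent_private_ips(ec2_response, instance_id):
    """Private IPs reported for instance_id in a describe_instances response."""
    return {
        inst["PrivateIpAddress"]
        for res in ec2_response.get("Reservations", [])
        for inst in res.get("Instances", [])
        if inst.get("InstanceId") == instance_id and "PrivateIpAddress" in inst
    }


def radius_drift(ds_response, ec2_response, directory_id, instance_id,
                 agent_port=DEFAULT_RADIUS_PORT):
    """Return a list of findings; an empty list means the config matches."""
    dirs = [d for d in ds_response.get("DirectoryDescriptions", [])
            if d.get("DirectoryId") == directory_id]
    if not dirs:
        return [f"directory {directory_id} not found"]
    settings = dirs[0].get("RadiusSettings")
    if not settings:
        return [f"directory {directory_id} has no RADIUS (MFA) settings"]
    findings = []
    live = agent_private_ips(ec2_response, instance_id)
    configured = set(settings.get("RadiusServers", []))
    if not live:
        findings.append(f"instance {instance_id} not found or has no private IP")
    elif not (configured & live):
        findings.append(f"agent IP {sorted(live)} not in RadiusServers {sorted(configured)}")
    if settings.get("RadiusPort") != agent_port:
        findings.append(f"RadiusPort {settings.get('RadiusPort')} != agent port {agent_port}")
    return findings


# Constructed sample: the agent host moved from 10.0.1.25 to 10.0.1.77.
SAMPLE_DS = {"DirectoryDescriptions": [{"DirectoryId": "d-0000000000",
    "RadiusSettings": {"RadiusServers": ["10.0.1.25"], "RadiusPort": 1812}}]}
SAMPLE_EC2 = {"Reservations": [{"Instances": [
    {"InstanceId": "i-00000000000000000", "PrivateIpAddress": "10.0.1.77"}]}]}

if __name__ == "__main__":
    for finding in radius_drift(SAMPLE_DS, SAMPLE_EC2, "d-0000000000", "i-00000000000000000"):
        print("DRIFT:", finding)
```

Against a live account, pass in the results of `boto3.client("ds").describe_directories()` and `boto3.client("ec2").describe_instances()` and run the check on a schedule or after any change to Instance B.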
Typical workflow
Task | Description |
---|---|
Configure AWS | |
Download and install the RADIUS agent | |
Create inbound AWS rules | |
Configure application | |
Configure Amazon Workspaces for MFA | |
Provision Users | |
Related topics
- Amazon Web Services user experience
- SAML vs RADIUS interoperability
- Installing the Okta RADIUS Agent under Windows or Linux