Configure Okta as the AWS account identity provider

In order to use SAML for AWS, you have to set up Okta as an identity provider in AWS and establish the SAML connection.

  1. Add the AWS app to Okta and download its identity provider metadata file:
    • Add the AWS app if it has not been added previously:
      1. In the Admin Console, go to Applications > Applications.
      2. Click Add Application.
      3. In the Search for an application field, enter AWS.
      4. Select Add for AWS Account Federation.
      5. In the General Settings page, accept or edit the default values and click Next.
      6. In the Sign On Methods section of the Sign-On Options pane, select SAML 2.0.
      7. Click Done.
    • Download the identity provider metadata file:
      1. In the Admin Console, go to Applications > Applications.
      2. Enter AWS in the Search field.
      3. Click the AWS application you added in step 1 and click the Sign On tab.
      4. Click Edit in the Settings section and select SAML 2.0.
      5. Right-click the Identity Provider metadata link below the View Setup Instructions button and select Save Link As.
      6. Browse to a location to save the file, enter a file name, and click Save.
  2. Sign in to the AWS Management Console.

  3. Go to Identity and Access Management (IAM) Service.

  4. Select Identity Providers in the menu bar.

  5. Click Create Provider to create a new instance.

  6. On the Configure Provider screen, enter the following:

    • Provider Type: Select SAML from the dropdown menu.

    • Provider Name: Enter the name of your preference; for example, Okta.

    • Metadata Document: Click download and then select the metadata file you created in step 1.

  7. Finish provider configuration.

  8. Locate the Identity Provider you just created in the list of Identity Providers and copy its Provider ARN value. You will need it later during this configuration.
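Steps 2 to 8 above, done through the IAM API instead of the console, with a sanity check that the file being uploaded really is IdP metadata carrying a signing certificate (a common mistake is uploading SP metadata or an unrelated file). This is an added example, not Okta's or AWS's own code; it assumes boto3 is installed with AWS credentials configured, and the sample metadata, entityID and SSO URL are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"


def inspect_idp_metadata(xml_text: str) -> dict:
    """Confirm the document is SAML IdP metadata with a signing certificate and return
    its entityID, HTTP-POST SSO URL and signing-cert SHA-256 digests; else raise ValueError."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity provider metadata")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":  # no 'use' attribute means both uses
            for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
                certs.append(base64.b64decode("".join(c.text.split())))
    if not certs:
        raise ValueError("no signing certificate: AWS could not verify assertions")
    sso = idp.find(f"md:SingleSignOnService[@Binding='{HTTP_POST}']", NS)
    return {"entity_id": root.get("entityID"),
            "sso_url": None if sso is None else sso.get("Location"),
            "cert_sha256": [hashlib.sha256(c).hexdigest() for c in certs]}


def create_saml_provider(name: str, metadata_path: str, iam_client=None) -> str:
    """Validate the downloaded file, create the IAM SAML provider and return its ARN.
    iam_client defaults to boto3 (assumed installed); pass a stub to run without AWS."""
    with open(metadata_path, encoding="utf-8") as fh:
        xml_text = fh.read()
    inspect_idp_metadata(xml_text)  # refuse to upload the wrong file
    if iam_client is None:
        import boto3
        iam_client = boto3.client("iam")
    resp = iam_client.create_saml_provider(SAMLMetadataDocument=xml_text, Name=name)
    return resp["SAMLProviderArn"]


# Constructed sample standing in for the file downloaded from Okta (not real Okta data).
CONSTRUCTED_CERT = base64.b64encode(b"constructed-cert-bytes").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" entityID="http://www.okta.com/exkEXAMPLE">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{NS['ds']}"><ds:X509Data>
    <ds:X509Certificate>{CONSTRUCTED_CERT}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="{HTTP_POST}" Location="https://example.okta.com/app/amazon_aws/exkEXAMPLE/sso/saml"/>
  </md:IDPSSODescriptor></md:EntityDescriptor>"""
```

The returned ARN is the Provider ARN value that step 8 tells you to copy, and the certificate digest lets you compare what AWS will trust against the certificate shown in the Okta Sign On tab.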

Next steps

Add Okta as a trusted source for AWS roles