Amazon WorkSpaces app configuration

Use the following procedures to configure the Amazon WorkSpaces app:

Before you begin

Ensure that you have the required common UDP port and secret key values available.

Add the app

  1. In the Admin Console, go to ApplicationsApplications.
  2. Click Browse App Catalog.
  3. Search for IMA OIN App name, select it, and then click Add Integration.
  4. Enter a unique application label and click Next.
  5. In the Sign On tab do the following:
    • Select the Authentication checkbox.
    • Enter a UDP Port (for example, 1812). The UDP port values of the app and the client gateway must match.
    • Enter the Secret Key to use to encrypt the user password. The secret key for the app and the client gateway must match.
    • Select an appropriate username format from the Application username format dropdown list.
  6. To enable authentication with Active Directory (AD) UPN or AD Sam account name:
    1. Select the Sign On tab.
    2. Scroll to the Advanced RADIUS Settings section.
    3. Click Edit.
    4. In the Authentication section, select Enable UPN or SAM Account Name Login.

      Users assigned this app must have their username set to the AD user principal name before being assigned the RADIUS app.

      For the SAM account name to be used successfully, it must have the same prefix as the UPN.

    5. Click Save.
    6. Scroll to the Settings section of the Sign On tab.
    7. Click Edit.
    8. Select Email from the Application username format dropdown list to import users are imported with their full value.
    9. Click Save.

Assign the app to groups

  1. Select the Assignments tab.
  2. Click AssignAssign to Groups.
  3. Find the group that you want to assign the app to and click Assign.
  4. Repeat for any additional groups.
  5. Click Done.

For additional information, including guidance on advanced authentication and adaptive multifactor configuration options, see Using the Okta RADIUS App.

Configure MFA factors

  1. In the Admin Console, go to SecurityAuthenticators.

  2. From the Add Authenticator dialog, select a factor. For example Okta Verify.
  3. Configure factor-specific settings as appropriate.
  4. Okta recommends that you specify Okta Verify at a minimum.

  5. Select the Enrollment tab.
  6. Click Add Multifactor Policy.
  7. Name the policy.
  8. In Assign to Groups, enter one or more group names.
  9. For each factor select Required. For example, Okta Verify.
  10. Click Create Policy.