Amazon WorkSpaces app configuration

During this task we will add the Amazon WorkSpaces app and then assign the app to groups.

Before you begin

  • Ensure that you have the required common UDP port and secret key values available.

Add app

  1. In Okta, navigate to Applications > Applications > Browse App Catalog, search for Amazon WorkSpaces, and then click Add.
  2. Enter a unique Application label and click Next.
  3. In the Sign On tab provide the following:
    Field: Value
    Authentication: Cleared (unchecked).
    UDP Port: Required. Typically 1812. Enter the RADIUS application UDP port.
    Secret Key: Required. Enter the secret key that will be used to encrypt and decrypt the user password. Must be identical to that used during the gateway configuration.
    Application username format: Select the appropriate username format from the dropdown list.

    The UDP Port and Secret Key must match between the app and the client gateway.

  4. To enable authentication with AD UPN or AD SAM Account Name:
    1. If required, select the Sign-on tab.
    2. Scroll to the Advanced RADIUS Settings > Authentication section.
    3. Click Edit.
    4. Check Enable UPN or SAM Account Name Login.

      When this setting is enabled, users assigned to this application must have their username set to the AD user principal name before they are assigned to the RADIUS application.

    5. Click Save.
    6. On the Sign-on tab scroll to Settings.
    7. Click Edit.
    8. From the Application username format dropdown list, select Email so that users are imported with their full username@domain.com value.
    9. Click Save.

Assign app to groups

  1. Ensure the Assignments tab is selected.
  2. Click Assign > Assign to Groups.
  3. Locate the group you want to assign the application to and click Assign.
  4. Repeat for any additional groups.
  5. Click Done.

For additional information, including guidance on advanced authentication and adaptive multifactor configuration options, see Using the Okta RADIUS App.

Configure MFA factors

  1. Click Security > Authenticator.
  2. From the Add Authenticator dialog, select a factor. For example, Okta Verify.
  3. Configure factor-specific settings as appropriate.
  4. Note: Okta recommends that, at a minimum, Okta Verify be specified.

  5. Select the Enrollment tab.
  6. Click Add Multifactor Policy.
  7. Name the policy.
  8. In Assign to Groups, enter one or more group names.
  9. For each factor, select Required. For example, Okta Verify.
  10. Click Create Policy.