Configure AWS IAM Identity Center for AI agent imports

To import AI agents from AWS IAM Identity Center, you need to create a permission policy that allows Okta to retrieve the app's AI agents. Then you need to apply that permission policy to your AWS IAM Identity Center user account.

After you've completed these configurations, follow the steps in Enable AI agent imports for an app.

Create a permission policy

  1. Sign in to your AWS IAM Identity Center tenant.
  2. Select Users > Add user.
  3. Set the username to okta-ai-agent-import.
  4. Select the user that you created in the previous step and click Permissions.
  5. Click Add inline policy.
  6. Go to the JSON tab.
    • To configure the permission policy for both Amazon Bedrock Agents and Amazon Bedrock AgentCore, enter the following text:

      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Sid": "OktaAIAgentImport",
            "Effect": "Allow",
            "Action": [
              "sts:GetCallerIdentity",
              "bedrock:GetAgent",
              "bedrock:ListAgents",
              "bedrock-agentcore:ListAgentRuntimes",
              "bedrock-agentcore:GetAgentRuntime"
            ],
            "Resource": "*"
          }
        ]
      }

    • To configure the permission policy for only Amazon Bedrock Agents, enter the following text:

      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Sid": "OktaAIAgentImport",
            "Effect": "Allow",
            "Action": [
              "sts:GetCallerIdentity",
              "bedrock:GetAgent",
              "bedrock:ListAgents"
            ],
            "Resource": "*"
          }
        ]
      }

    • To configure the permission policy for only Amazon Bedrock AgentCore, enter the following text:

      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Sid": "OktaAIAgentImport",
            "Effect": "Allow",
            "Action": [
              "sts:GetCallerIdentity",
              "bedrock-agentcore:ListAgentRuntimes",
              "bedrock-agentcore:GetAgentRuntime"
            ],
            "Resource": "*"
          }
        ]
      }
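The three policy variants above can also be generated and sanity-checked before they are attached, so that a hand-edited copy cannot quietly grow beyond the read-only actions the import needs. This is an added example, not Okta's or AWS's code: the action names are the ones on this page, while the helper names and the boto3 put_user_policy attachment are assumptions.

```python
"""Build and sanity-check the inline policy for the okta-ai-agent-import user.

Added example: action names come from the page; helper names and the
boto3 put_user_policy attachment step are assumptions.
"""
import json
import re

# Actions from the page, grouped by which Bedrock service they cover.
COMMON_ACTIONS = ["sts:GetCallerIdentity"]
BEDROCK_AGENT_ACTIONS = ["bedrock:GetAgent", "bedrock:ListAgents"]
AGENTCORE_ACTIONS = ["bedrock-agentcore:ListAgentRuntimes",
                     "bedrock-agentcore:GetAgentRuntime"]

# Only read-style API verbs are acceptable for an import-only integration.
READ_ONLY_VERB = re.compile(r"^[a-z0-9-]+:(Get|List|Describe)[A-Za-z]*$")


def build_policy(agents=True, agentcore=True):
    """Return the policy document for the selected Bedrock services."""
    if not (agents or agentcore):
        raise ValueError("select at least one of agents or agentcore")
    actions = list(COMMON_ACTIONS)
    if agents:
        actions += BEDROCK_AGENT_ACTIONS
    if agentcore:
        actions += AGENTCORE_ACTIONS
    return {"Version": "2012-10-17",
            "Statement": [{"Sid": "OktaAIAgentImport", "Effect": "Allow",
                           "Action": actions, "Resource": "*"}]}


def policy_problems(policy):
    """List every Allow action that is broader than a read-only import needs."""
    problems = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt["Action"]
        if isinstance(actions, str):
            actions = [actions]
        for action in actions:
            if "*" in action:
                problems.append(f"wildcard action {action!r}")
            elif not READ_ONLY_VERB.match(action):
                problems.append(f"non-read action {action!r}")
    return problems


def apply_policy(user_name, policy, policy_name="OktaAIAgentImport"):
    """Attach the policy inline to the IAM user (needs boto3 and AWS credentials)."""
    import boto3  # imported here so the checks above run without AWS access
    if policy_problems(policy):
        raise ValueError("refusing to attach an over-broad policy")
    boto3.client("iam").put_user_policy(UserName=user_name, PolicyName=policy_name,
                                        PolicyDocument=json.dumps(policy))
```

Run policy_problems() on any locally edited copy of the JSON before pasting it into the console; an empty list means every granted action is still a Get/List/Describe call with no wildcards.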

Generate an access key and secret access key

  1. In the AWS IAM Identity Center, select the user that you created in the previous section.
  2. Select Security credentials > Access keys > Generate access keys > Third-party service.
  3. Copy the access key and secret access key and store them safely.

Next step

Enable AI agent imports for an app