In your Okta org, configure the Amazon WorkSpaces application and required factors. Amazon WorkSpaces must be configured for MFA. AWS WorkSpace users are managed in Active Directory but must be provisioned into Okta. Preconfigure Amazon WS instances with required Active Directory, EC2 and workspace. Download and install the Okta RADIUS agent on Instance B. For throughput, availability and other considerations, see Okta RADIUS Server Agent Deployment Best Practices. Create inbound rules to allow the RADIUS agent to communicate with an AWS Directory Service instance.

Now we need to move from Microsoft Authenticator App to One-way SMS. Push is received on my Microsoft Authenticator App - I click 'Approve'.

When an end user that's enrolled in Okta with DUO MFA attempts to access Amazon Workspaces configured with RADIUS, they must provide the six digit MFA passcode displayed on the DUO mobile app in addition to their primary password.

Enter credentials: 2.a UserName -> my Azure account.

The AWS Directory service requires the private IP address of Instance B to delegate the MFA challenge over RADIUS. If that private IP changes the AWS Directory MFA configuration must be updated to reflect the new private IP.

DUO MFA with Push/SMS/Call isn't supported for Amazon Workspaces with RADIUS.

You must have the Directory ID of the AWS Directory Service. Directory ID is used to determine the name of the Security Group.

AWS Directory Service instance, configured and pointing to Instance A, running Active Directory.