In your Okta org, configure the Amazon WorkSpaces application and required factors.

Amazon WorkSpaces must be configured for MFA.

AWS WorkSpace users are managed in Active Directory but must be provisioned into Okta.

Preconfigure Amazon WS instances with required Active Directory, EC2 and workspace.

Download and install the Okta RADIUS agent on Instance B.

For throughput, availability and other considerations, see Okta RADIUS Server Agent Deployment Best Practices.

Create inbound rules to allow the RADIUS agent to communicate with an AWS Directory Service instance.

When an end user who is enrolled in Okta with DUO MFA attempts to access Amazon Workspaces configured with RADIUS, they must provide the six-digit MFA passcode displayed on the DUO mobile app in addition to their primary password.

DUO MFA with Push/SMS/Call isn't supported for Amazon Workspaces with RADIUS.

The AWS Directory Service requires the private IP address of Instance B to delegate the MFA challenge over RADIUS. If that private IP changes, the AWS Directory MFA configuration must be updated to reflect the new private IP.

The Amazon WorkSpace app allows use of the Okta RADIUS agent for multifactor authentication on.

AWS WorkSpaces (AWSW) supports RADIUS for MFA authentication.

You must have the Directory ID of the AWS Directory Service. Directory ID is used to determine the name of the Security Group.

AWS Directory Service instance, configured and pointing to Instance A, running Active Directory.

Instance B: represents the Windows 2012r2 host on which to install the Okta RADIUS agent.

Learn more about Amazon WorkSpaces Client Network Requirements. The region recommendation is based on service availability and latency.
Round trip time is the time to connect from your browser to the Amazon network, not the average latency for a given region. Round trip time may vary due to network conditions.

Amazon WorkSpaces provides the flexibility to pay monthly or hourly. With monthly billing, you pay a fixed monthly fee for unlimited usage during the month, which is best for workers who use their Amazon WorkSpace full-time or as their primary desktop. The charges for the Service apply on a monthly basis.

Amazon WorkSpaces offers immense flexibility. It can be accessed via devices running Windows, Mac OS, Linux, ChromeOS, Android, FireOS, Apple IOS, and web browsers. You also can use thin-clients (essentially a terminal with a minimal embedded operating system and a network interface) to access WorkSpaces.

In addition, you must configure Amazon Web Services as:

Amazon Web Services instances, configured as:

Instance A: represents the Amazon Directory Service virtual machine instance.

Meet the following network connectivity requirements before you install the Okta RADIUS agent:

Source

Configuration and authentication traffic.

RADIUS traffic between the gateway (client) and the RADIUS agent (server).

(Default, you can change this when you install and configure the RADIUS app)