Okta + Amazon Web Services: Automate AWS SSO with Okta Workflows
Okta and AWS have done it again! For years we've supported identity federation with AWS IAM and tons of customers have taken advantage of this integration. In fact, our 2020 Business@Work Report lists it as one of Okta's “top 2” integrations. If you're unfamiliar with the integration, read on for a brief summary of the Okta + AWS collaboration.
Last year, we partnered with AWS to add support for AWS SSO federation session tags — but we didn't stop there. Earlier this year, Okta and AWS released a SAML/SCIM integration with AWS SSO. This pairing supports using AWS CLI v2 with Okta natively; no need for 3rd party plugins. Read the details here.
And a few months ago, AWS released support for session tags in AWS SSO. In conjunction with Okta, this support allows customers to use Okta attributes to define access within AWS SSO. But it doesn't stop here. We’re happy to announce the newest addition to the Okta +AWS collaboration: the Okta Workflow AWS SSO Connector.
What is Okta Workflows?
Okta Workflows allows you to automate user management by building custom workflows that match your specific business processes. Take, for example, when a new user joins your company. You’ll want to create their account in your mail system and then create their folders in Box. For most, these are two separate tasks. But with Okta Workflows this flow can be created and associated concurrently, with user creation in Okta. No longer must these two manual processes be run separately!
With built-in developer logic, Workflows allow you to custom-create workflows—without writing the code.
What's new with the Workflows AWS SSO Connector
With the Workflow’s AWS SSO Connector, you have the ability to automate the granular management of AWS SSO entitlements (e.g., permission sets and accounts.) This automation saves you time, ensuring the right users have the right access to the right resources. Read on to learn how.
Take granular actions during onboarding and offboarding
Out of the box, the AWS Connector has 5 cards:
- Add AWS Entitlements: Assign permission sets or accounts
- List Instances: Read SSO instances accessible in AWS SSO
- Remove AWS Entitlements: Removes certain permission sets or accounts from a user
- Remove All AWS Entitlements: Removes all permission sets and accounts from a user
- List AWS Entitlements: Reads all current AWS permission sets and accounts
These cards can be used in a number of combinations to manage user permission sets. Here’s the example flow:
Or
Replace custom code and customise business logic
Using Okta Workflows, flows can be built to manage AWS SSO entitlements. They can then be linked with other flows. The result is a fully automated user lifecycle function, across all your applications.
Better together
Okta and AWS have continued to work together to provide our customers with a deep integration that makes integrating platforms and applications simple and secure. The AWS SSO Workflow Connector is just the latest addition to that continued promise, but it will certainly not be the last.
For more details about the AWS SSO Workflow Connector, please visit our AWS and Okta page.
Interested in learning more?
Check out the following detailed configuration guides for specific instructions:
- How to configure SAML 2.0 for AWS Single Sign-On
- How to setup automated provisioning for AWS Single Sign-On
- Configuring the AWS CLI to use AWS Single Sign-On
Specific questions? Get in touch with our team.