How to Setup Okta as an Identity Provider in AWS IAM Identity Center

  • Published on 11 Sep 2024
  • In this video I go through the process of configuring Okta as an external identity provider in AWS IAM Identity Center.
    Read the full post here: jkstechlab.com...
    #Okta #identitysecurity #awscommunity

Comments • 57

  • @user-sq9kk4cw9u 9 days ago

    Clear and efficient.

  • @boxenryan several months ago

    Very detailed and easy to understand, thank you so much John!

  • @latoya1928 several months ago

    5 seconds in and I have subscribed.

  • @blacula3000 a day ago

    Great video, I'm a fan

  • @doctornkz a year ago

    Maaan, you saved my day, honestly. Bless you God, bro.

    • @JKSTechLab a year ago

      Glad to help, thanks for watching!

  • @trivikram1988 2 months ago

    Thanks bro! Super useful content

  • @BrennanFamilyVideos 2 months ago

    Excellent video. Very helpful.

  • @allenstore4974 a year ago

    Yooooooooooo, I remember you from Sounds and Gear! It's dope to see you're an IT guy too. Thanks for the information, I'm transitioning to some cloud knowledge and your SC-900 video is helpful. Peace and Blessings.

    • @JKSTechLab a year ago +1

      What's up! Thanks for stopping by and glad to help! Yes, the love for tech spills over into all areas LOL

  • @skp-radio a year ago

    Hey bro, just want to thank you. Saved a lot of my time again.

  • @noamc7816 a year ago +1

    Great video. Explained well! 👑

    • @JKSTechLab a year ago

      Thanks for watching

    • @noamc7816 a year ago

      @JKSTechLab Do you have the same for Azure AD?
      Thanks!

    • @JKSTechLab a year ago

      @noamc7816 Not currently

  • @andrejab74 5 months ago

    Great video, it helped me a lot!

  • @tech4383 a year ago

    Good one. Learnt from this. Thanks for posting this.

    • @JKSTechLab a year ago

      Thanks for watching

  • @DanielCaballeroSanchez 3 months ago

    @JKSTechLab I have a question about the prices. For example, if I have 1000 users in Okta and I want to do a synchronization to take them to AWS with "Assign Users to App", would it have a high value, or where could I see more of these AWS prices?

  • @AkebonoRadio 4 months ago

    Thanks, great video!!!

  • @TheThesuresh 6 months ago

    How do I provide access to an Okta user after the integration?

  • @doctornkz a year ago +1

    Folks, probably it will help you also (but probably not). I got the same error as JK Swopes after full setup; it looks like we are getting an HTTP 400 response from AWS. I spent a week with AWS support to break through, but without success. As the last hope, I updated the current identity provider with the same SAML XML and Okta certificate (just how I did before) and for some reason it started working. Don't forget to update the provisioning token in Okta; the old one is deprecated after updating the IdP.

    • @JKSTechLab a year ago +1

      Yep, if you delete and redo the setup it usually works for whatever reason. Sometimes I get this error on a new setup and sometimes I don't.

  • @zscaler_nm a year ago +1

    Great video!
    Can I use the AWS CLI to list those users/groups, etc.?
    Thanks!

    • @JKSTechLab a year ago

      Thanks for watching, I'm not sure, I haven't tried it, but I would think if they are in AWS you should be good to go.

  • @aaronlu2908 a year ago +1

    What if I want to connect multiple AWS instances? Like prod, demo, and dev? Would this work by following the same instructions?

    • @JKSTechLab a year ago

      It may be possible if they are different environments, they would appear as different applications in Okta.

  • @rohanokta1891 a year ago +1

    I had a question, post integration when I need to assign AWS service permissions/policies to the user, where can I do that?

    • @JKSTechLab a year ago

      Any policies or permissions within AWS would be assigned in AWS/Identity Center.

    • @rohanokta1891 a year ago

      @JKSTechLab Let's say I have to provide EC2Full access to one user, and RDSFull access to another, can that be done using the same?

    • @JKSTechLab a year ago

      @rohanokta1891 You would set that up within AWS, this is just for the authentication portion (though you could use groups to assign roles as well, but it still has to be set up in AWS).

  • @TechTualChatter 2 years ago

    🔥🔥🔥

    • @JKSTechLab 2 years ago

      preciate ya bro!

    • @cameronka01 2 years ago

      Really well done

    • @JKSTechLab 2 years ago

      @cameronka01 Thanks for watching!

  • @e4stark a year ago

    nice work

    • @JKSTechLab a year ago +1

      Thanks for watching.

  • @SSN194 a year ago

    Thank you for the great and simple explanation.
    Have a query here.
    If we are setting this up in an existing environment, is there any way by which we can import the SSO users (that have been manually in SSO) into Okta?
    Or do we need to remove them and assign the AWS SSO app on their Okta profile?

    • @JKSTechLab a year ago +1

      Thanks for watching. I haven't explored that yet, I do believe that if your users in AWS match the same info that your users in Okta have, it will update their accounts in AWS. For example, if the username/email, etc is the same, it will update them according to the IAM Identity Center documentation.

  • @youtubegarbage4u a year ago

    Are you paying for the Okta account, or is it a free trial for this video?

    • @JKSTechLab a year ago

      I’m using a free dev account.

  • @davidpintor1677 a year ago

    When you enable IAM Identity Center integration, do the IAM local users still work?

    • @JKSTechLab a year ago

      Everyone logging into Identity Center will log in through Okta instead of local account credentials.

  • @ehivan24 a year ago

    Excellent content. Where did you get the file okta.cert?

    • @JKSTechLab a year ago

      You download it from the Okta interface, I show it in the video. It's in the part where you get the IdP metadata.

  • @sanatanshekhar362 a year ago

    I am facing the same error as you are at the end. Any idea what could be causing it?

    • @JKSTechLab a year ago

      Sometimes it starts working after you keep trying a few times. You could also try starting over, but the error seems to be with AWS, every once in a while I see that error when setting up integrations.

    • @sanatanshekhar362 a year ago

      Thanks a lot for your help. Really appreciate it 😊 I’ll give it another try

    • @JKSTechLab a year ago

      @sanatanshekhar362 No problem

    • @sanatanshekhar362 a year ago

      @JKSTechLab Didn't work for me using the AWS Identity Provider app integration on Okta. :( Though when I configured the same using the SAML 2.0 and SCIM 2.0 Test app integrations, it works perfectly. I referred to your video as a head start and it helped a lot. Thanks :) :)

    • @JKSTechLab a year ago

      @sanatanshekhar362 Yeah, I think they recently just added that app, and there is another one by a different name I believe, so there may be some issues with it. But yes, setting it up via SAML/SCIM should work the same way, glad you got it going, good stuff!

  • @ronikuggz3362 9 months ago

    Is that really something on their end?? At 12:44 seconds, that's driving me nuts, and no useful help from support!

    • @NoName-mi6le 5 months ago

      Hello, did you find out why this happens? Is it fixed for you?

    • @ronikuggz3362 4 months ago

      @NoName-mi6le Yep, way too many groups trying to sync through... Ended up testing it with just a user with 10 groups and it was working fine. Ended up doing a bit of custom claims just to only send specific groups to AWS

  • @rocketman5041 2 months ago

    Subbed!