Okta + Amazon Web Services: Automate AWS IAM Identity Center with Okta Workflows

Okta and AWS have done it again! For years we've supported identity federation with AWS IAM and tons of customers have taken advantage of this integration. In fact, our 2020 Business@Work Report lists it as one of Okta's “top 2” integrations. If you're unfamiliar with the integration, read on for a brief summary of the Okta + AWS collaboration.

Last year, we partnered with AWS to add support for AWS IAM Identity Center federation session tags — but we didn't stop there. Earlier this year, Okta and AWS released a SAML/SCIM integration with AWS IAM Identity Center. This pairing supports using AWS CLI v2 with Okta natively; no need for 3rd party plugins. Read the details here.

And a few months ago, AWS released support for session tags in AWS IAM Identity Center. In conjunction with Okta, this support allows customers to use Okta attributes to define access within AWS IAM Identity Center. But it doesn't stop here. We’re happy to announce the newest addition to the Okta +AWS collaboration: the Okta Workflow AWS IAM Identity Center Connector.

What is Okta Workflows?

Okta Workflows allows you to automate user management by building custom workflows that match your specific business processes. Take, for example, when a new user joins your company. You’ll want to create their account in your mail system and then create their folders in Box. For most, these are two separate tasks. But with Okta Workflows this flow can be created and associated concurrently, with user creation in Okta. No longer must these two manual processes be run separately!

With built-in developer logic, Workflows allow you to custom-create workflows—without writing the code.

What's new with the Workflows AWS IAM Identity Center Connector

With the Workflow’s AWS IAM Identity Center Connector, you have the ability to automate the granular management of AWS IAM Identity Center entitlements (e.g., permission sets and accounts.) This automation saves you time, ensuring the right users have the right access to the right resources. Read on to learn how.

Take granular actions during onboarding and offboarding

Out of the box, the AWS Connector has 5 cards:

• Add AWS Entitlements: Assign permission sets or accounts
• List Instances: Read SSO instances accessible in AWS IAM Identity Center
• Remove AWS Entitlements: Removes certain permission sets or accounts from a user
• Remove All AWS Entitlements: Removes all permission sets and accounts from a user
• List AWS Entitlements: Reads all current AWS permission sets and accounts

These cards can be used in a number of combinations to manage user permission sets. Here’s the example flow:

Or

Replace custom code and customize business logic

Using Okta Workflows, flows can be built to manage AWS IAM Identity Center entitlements. They can then be linked with other flows. The result is a fully automated user lifecycle function, across all your applications.

Better together

Okta and AWS have continued to work together to provide our customers with a deep integration that makes integrating platforms and applications simple and secure. The AWS IAM Identity Center Workflow Connector is just the latest addition to that continued promise, but it will certainly not be the last.

For more details about the AWS IAM Identity Center Workflow Connector, please visit our  AWS and Okta page.

Interested in learning more?

Check out the following detailed configuration guides for specific instructions:

• How to configure SAML 2.0 for AWS Single Sign-On
• How to setup automated provisioning for AWS Single Sign-On
• Configuring the AWS CLI to use AWS Single Sign-On

Specific questions? Get in touch with our team.