Okta and AWS: Your All-Access Pass

Enterprises are currently undergoing high-level initiatives around digital transformation, migrating assets and processes to the cloud in order to support corporate agility and modernize IT and security. The process can reduce the costs of infrastructure management and maintenance, remove legacy identity as a constraint, reduce IT spend on expensive client access licenses, and simplify and secure user access—especially remote user access—to IT services across cloud and on-premises assets.

Okta and AWS combine to support safely moving any workload type to the cloud. As the world’s new work-from-home reality has multiplied user identities and cloud projects, IT teams are often spending more and more time managing AWS users, accounts, and roles. But using Okta to manage AWS resources allows you to leverage existing credentials and give an entire workforce—wherever they are, whatever device they’re using—the access they need to their AWS resources at every point in the employee lifecycle.

Okta and AWS: Perfect Partners for Accelerating Cloud Migration

Okta: Zero Trust Secure Access

The Okta Identity Cloud is a leading cloud-based identity platform that cloudifies a company’s identity infrastructure as part of a broader modernization of IT. Moving identity to the cloud allows for secure, appropriate user access to SaaS, public cloud, and premises-based applications from anywhere in the world via trusted endpoints.

AWS: Cloud Infrastructure and Services

AWS provides a massive global cloud infrastructure that allows you to quickly innovate, experiment and iterate. Instead of waiting weeks or months for hardware, you can instantly deploy new applications, instantly scale up as your workload grows, and instantly scale down based on demand.

Okta and AWS Secure the Simple Access Your Teams Need

The Okta and AWS integration lets enterprises centralize AWS access control, simplify account administration, and accelerate cloud migration. Confidently leverage existing identity information (from your Active Directory or LDAP credentials, or from solutions like Workday and Ultipro) as the foundation for automating cloud access. Users simply sign in once through Okta’s familiar interface—backed with strong adaptive Multi-Factor Authentication—and are authenticated directly into their AWS SSO user portal, where they can access all of their AWS accounts and resources. DevOps teams can optionally authenticate within the Command Line Interface (CLI) instead of the SSO view.

Across the employee lifecycle, as each individual’s roles, groups, or status change, this information flows into Okta and AWS and their access evolves accordingly, with no extra burden on IT teams to keep up with changes. Organizations can go further, automating the assignment and ongoing management of AWS entitlements as part of defined Okta Workflows, tapping into the granular capabilities of your tech stack without burdening your IT team with manual provisioning and reprovisioning.

The Okta and AWS integration lets security teams apply strong MFA to secure access to AWS resources, gives audit teams additional support for compliance (with certifications including FedRAMP ATO, FIPS 140-2, and HIPAA), and provides support for PIV/CAC authentication for government entities. Developers and DevOps teams can allow partner or customer employees to authenticate with existing credentials, authorize granular access or temporary permissions to an AWS app build, use the AWS Command Line Interface (CLI), and secure app access with MFA everywhere.

Okta and AWS diagram

Accelerating Cloud Migration with Okta and AWS

For a lot of enterprises, migrating on-premises enterprise apps and resources to more efficient cloud solutions was once a long-term goal. That timetable has rapidly accelerated, thanks to a shift to dynamic hybrid workforces plus increased demand for high-quality digital employee and customer experiences. Today, migrating your applications to the cloud—quickly, safely, and efficiently—is a higher priority than ever.

In the new normal, enterprises need to support flexible workforces that can work from anywhere, at any time, on any device. Organizations need centralized control over access, and the ability to be able to quickly scale operations up or down as these workforces and their projects fluctuate. And they need to provide frictionless experiences across channels, for their workforces as well as for their customers. In this way, businesses can encourage customer engagement, create new revenue opportunities, secure employee loyalty, and build trust.

The key to making it happen: smart, safe, and efficient cloud migration with Okta and AWS.

“AWS is an essential element of our cloud deployment strategy. AWS enables scale, flexibility and resiliency—and Okta enables us to manage access for our large population of AWS users effectively and efficiently.”

—Lee Congdon, CIO at Ellucian

“We use Okta to secure our departments’ entire development environment. That includes our AWS login, multiple AWS accounts, our secure login, and continuous integration and development tools.”

—Friedrich Gloeckner, Team Lead Architecture and Software Development at Siemens Mobility Services

“Moving to Okta has allowed us to take some of our best and brightest engineers, who were working hard on solving the identity problem, and let them not have to worry about it... Those teams are now able to develop new features, improve personalization, build Cengage’s subscription service, and improve the student learning experience.”

—George Moore, Chief Technology Officer at Cengage

“Instead of paying $170,000 in Active Directory user CALs, I’m paying a fraction of the cost in subscriptions for cloud services. Okta makes this huge cost savings possible.”

—Mike Hincks, Director of IT Infrastructure at Vivint Solar

How Okta and AWS Support the “Six Rs” of Cloud Migration

Okta and AWS streamline your shift to the cloud, no matter which of the six standard strategies your cloud migration plan contains.

Rehost

“Lift-and-shift” an application and its workloads to run in the cloud. Okta and AWS bring new efficiency to rehosting scenarios with centralized, identity-based access decisions.

Revise

Update some app components while retaining the core source code. This integration gives your users intuitive Single Sign-On access to your cloud-enabled apps, protected by strong MFA.

Re-architect

Optimize an app’s underlying architecture to fully embrace the cloud. Building in support for Okta’s modern identity protocols like OpenID Connect and OAuth will keep access secure.

Rebuild

Start from scratch to re-code high-priority business-critical systems. Dev teams using AWS’s elastic infrastructure will appreciate being able to sign in once to multiple resources.

Replace

Replace old/outdated apps with best-of-breed, cloud-first solutions. Access to those varied solutions is easy and secure with Okta’s role- and group-based identity management.

Retain

Leave some core/sensitive apps as is or delay for a later retirement. You can add a Zero Trust identity layer to protect those legacy apps as well, for as long as you keep them.

Leveraging AWS Managed Microsoft AD with Okta

AWS Directory Service for Microsoft Active Directory enables companies to run directory-aware workloads in the AWS Cloud, including Microsoft SharePoint and custom .NET and SQL server-based applications. It also provides seamless access to AWS services such as Amazon RDS for SQL Server and Amazon FSx for Windows File Server. AWS Managed AD can be run standalone—as a company’s only AD environment—or can be an extension of a company’s legacy on-premises identity infrastructure. Here’s how Okta and AWS work together to support three specific deployment scenarios.

Adding Okta Identity Cloud to an Existing AWS Managed Microsoft AD Deployment that’s the Primary Domain

In this scenario, organizations are using AWS Managed Microsoft AD as their primary AD environment, connecting any limited premises-based infrastructure to AWS Managed Microsoft AD.

Adding Okta Identity Cloud when Extending an Existing AD Infrastructure into AWS via AWS Managed Microsoft AD

In this scenario, organizations with legacy, premises-based AD instances are extending their AD environment into AWS in support of workload migration to the cloud, or to support the use of AWS services like Amazon RDS for SQL Server and Amazon WorkSpaces.

Adding AWS Managed Microsoft AD to an Existing Okta Identity Cloud Deployment

In this scenario, a customer is already using the Okta Identity Cloud, and has made the investment in cloudifying their identity infrastructure. The majority of customers are using Okta to abstract identities away from Active Directory, connect all SaaS to Okta, and automate user lifecycle management with Okta.

For more details on these deployments, please check out okta.com.

Bonus: Support for DevOps and Developers

Developers will additionally benefit from the efficiencies of the Okta and AWS SSO integration thanks to support for the AWS Command Line Interface (CLI). The AWS CLI is a powerful tool that enables developers and DevOps teams to manage multiple AWS services and automate commands via scripting. With the Okta and AWS SSO integration, developers can now sign in with their Okta credentials and Okta Multi-Factor Authentication (MFA).

With AWS CLI v2 support for AWS Single Sign-On, AWS CLI profiles can be linked to AWS SSO accounts, allowing Okta to act as the external identity provider. Developers just initiate SSO authentication from the CLI, sign in with their Okta credentials including MFA, and are seamlessly authorized to all their AWS accounts and roles without leaving the Command Line Interface. This gives developers a secure and seamless Okta login experience and quickly gets them in to focus on building apps.

Step 1: Initiate SSO authentication from the CLI

Step 2: Sign in with Okta credentials and MFA

Step 3: You’re authorized to AWS accounts and roles!
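As an added example (not code from the Okta/AWS page), the shell below writes the AWS CLI v2 profile that links a named profile to an AWS SSO account and role, so that sign-in runs through Okta with MFA and the CLI only ever caches short-lived role credentials, and then counts any long-lived static access keys left in the shared credentials file, which the SSO-backed profile makes unnecessary. The start URL, account id, role name and profile name are constructed placeholders; the `aws sso login` and `aws sts get-caller-identity` calls run only when RUN_SSO_LOGIN=1 is set, because they need AWS CLI v2 and a browser.

```shell
#!/bin/sh
# Added example, not from the Okta/AWS page: link an AWS CLI v2 named profile to
# an AWS SSO account/role so sign-in goes through Okta (credentials + MFA) and
# the CLI only ever caches short-lived role credentials.
# Assumptions: AWS CLI v2 is installed; start URL, account id and role name are
# constructed placeholders to be replaced with your own values.
set -eu

AWS_CONFIG_FILE="${AWS_CONFIG_FILE:-${HOME:-.}/.aws/config}"
AWS_SHARED_CREDENTIALS_FILE="${AWS_SHARED_CREDENTIALS_FILE:-${HOME:-.}/.aws/credentials}"

# Append an SSO-backed profile; these keys are AWS CLI v2 config options.
write_sso_profile() {
  profile="$1"; start_url="$2"; sso_region="$3"; account_id="$4"; role="$5"
  mkdir -p "$(dirname "$AWS_CONFIG_FILE")"
  cat >>"$AWS_CONFIG_FILE" <<EOF
[profile ${profile}]
sso_start_url = ${start_url}
sso_region = ${sso_region}
sso_account_id = ${account_id}
sso_role_name = ${role}
region = ${sso_region}
output = json
EOF
}

# Count long-lived static access keys still present in the shared credentials
# file. Once developers use SSO profiles, this should report 0.
count_static_keys() {
  [ -f "$AWS_SHARED_CREDENTIALS_FILE" ] || { echo 0; return 0; }
  grep -ci '^aws_access_key_id' "$AWS_SHARED_CREDENTIALS_FILE" || true
}

sso_login_demo() {
  write_sso_profile dev-okta "https://example.awsapps.com/start" us-east-1 \
    111122223333 DeveloperAccess
  # Steps 1-2: the CLI opens the AWS SSO start URL in a browser, Okta handles
  # credentials and MFA, and the CLI caches a short-lived token.
  aws sso login --profile dev-okta
  # Step 3: the profile resolves to an account and role with no static keys.
  aws sts get-caller-identity --profile dev-okta
  echo "static access keys left in credentials file: $(count_static_keys)"
}

# Only run the interactive part when explicitly requested.
if [ "${RUN_SSO_LOGIN:-0}" = 1 ]; then sso_login_demo; fi
```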

Okta and AWS: Joint Solution Benefits

  • Provide seamless access to AWS apps, accounts, and resources from any device
  • Leverage existing HR credentials to automate AWS provisioning, saving countless hours for IT
  • Adopt a Zero Trust security posture that keeps cloud resource access secure at scale
  • Extend this secure, seamless experience to customers, partners, resellers, and other parties
  • Support a remote or hybrid workforce with anywhere, anytime access to appropriate AWS cloud resources
  • Centralize access administration for IT, and reduce manual access management tasks while keeping enterprise resources safe
  • Accelerate cloud migration, increase team productivity, shorten time to value for new hires, and gain efficiencies

Okta and AWS establish the zero trust, simplified access, and centralized controls that let enterprises confidently accelerate their cloud migration.

With Okta and AWS, enterprises can leverage their existing identity information and automate access for their remote and hybrid workforces. Users simply sign in once through Okta’s familiar interface—backed with strong adaptive Multi-Factor Authentication—and are authenticated directly into their AWS SSO user portal, where they can access all of their AWS accounts and resources. Across the employee lifecycle, as each individual’s roles, groups, or status change, this information flows into Okta and AWS and their access evolves accordingly, with no extra burden on IT teams to keep up with changes. Centralize AWS access control, simplify account administration, and get remote and on-premises workers quickly to the resources they need, with Okta and AWS.

About Okta

Okta is the leading independent identity provider. The Okta Identity Cloud enables organizations to securely connect the right people to the right technologies at the right time. With more than 7,000 pre-built integrations to applications and infrastructure providers, Okta provides simple and secure access to people and organizations everywhere, giving them the confidence to reach their full potential. More than 10,000 organizations, including JetBlue, Nordstrom, Siemens, Slack, T-Mobile, Takeda, Teach for America, and Twilio, trust Okta to help protect the identities of their workforces and customers. Learn more at www.okta.com.

About Amazon Web Services (AWS)

Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 175 fully-featured services globally. Millions of customers — including the fastest-growing startups, largest enterprises, and leading government agencies — trust AWS to power their infrastructure, become more agile, and lower costs. To learn more, visit aws.amazon.com.