By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS Client VPN unable to set Authorization Route with Group ID using Okta

0

AWS SSO using Okta. Working on implementing a AWS Client VPN that also uses the Okta authentication. I've enabled the AWS Client VPN app through Okta and have used the meta-data to create an Identity provider for the Client VPN. I've been able to successfully use the AWS Client VPN, it does the Auth through Okta, so I know that it works. But the Second I change my Authorization Routes in the AWS Client VPN to use a Group ID, I loose access to my resources. I've attempted to use the Okta Group ID, as well as the AWS SSO Group Id provided through Amazon. But neither Group ID seems to take. I've also attempted to put the Group Name in the 'Group ID' field with no success.

Topics
Security, Identity, & Compliance
Tags
AWS IAM Identity Center
Language
English
AWS-User-1278126
asked 2 years ago523 views
1 Answer
0
Accepted Answer

I was able to figure this out. I have a screenshot of this on my Okta Community post, but I needed to specify in the Okta AWS Client VPN Settings that memberOf was equal to .* (Notice the period there). Apparently you need specify which Okta Groups get sent over to the AWS Client VPN. So this wild card sends all groups over and then you can set up your authorization routes using the Group Name for the Group ID.

https://support.okta.com/help/s/question/0D54z00007QD9yTCAT/aws-client-vpn-unable-to-set-authorization-route-with-group-id-using-okta?language=en_US

AWS-User-1278126
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content