Yarin Chen

User restriction from AWS side

Is it possible to add to the role policy on AWS a condition that only specific users will be able to log in to (through Okta federation)?
The purpose is to prevent someone with Active Directory permissions, or with admin permissions in the Okta console, from assigning himself to an admin group in AWS.
So when he assigns himself to the role it won't work, since the user is not included in the policy.
Matt Maher (Okta, Inc.)
Hi Yarin, you can assign specific AWS roles to Okta users which can limit their access to AWS. You can find details on how this can be configured in our AWS and Okta Integration Guide (https://support.okta.com/help/servlet/fileField?retURL=/help/articles/Knowledge_Article/Amazon-Web-Services-and-Okta-Integration-Guide&entityId=ka0F0000000MeyyIAC&field=File_Attachment__Body__s). If you have any further questions specific to your integration I suggest you open a case with our support team.
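
On the AWS side, the restriction asked about in the question can be written as a `saml:sub` condition in the role's trust policy. The Python sketch below is an added example, not from this thread or from Okta's guide: it builds such a trust policy and flags SAML trust statements that lack the pin. The account ID, provider name and user names are constructed placeholders, and `saml:sub` matches whatever NameID the IdP asserts.

```python
import json

ACCOUNT_ID = "111122223333"   # constructed placeholder account ID
PROVIDER = "Okta"             # assumed name of the SAML provider in IAM
AWS_SAML_AUD = "https://signin.aws.amazon.com/saml"

def trust_policy(allowed_subjects=None):
    """Build a role trust policy for SAML federation.

    allowed_subjects: NameID values allowed to assume the role. None gives the
    common policy that trusts every user the IdP assigns to the role.
    """
    string_equals = {"SAML:aud": AWS_SAML_AUD}
    if allowed_subjects:
        string_equals["saml:sub"] = sorted(allowed_subjects)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{ACCOUNT_ID}:saml-provider/{PROVIDER}"},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": string_equals},
        }],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def statements_without_subject_pin(policy):
    """Return Allow statements for sts:AssumeRoleWithSAML that have no saml:sub pin."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerolewithsaml", "sts:*", "*"}:
            continue
        # Condition key names are case-insensitive. Only StringEquals counts as a
        # pin here; any other operator is flagged so a person reviews it.
        pinned_keys = {key.lower()
                       for op, cond in stmt.get("Condition", {}).items()
                       if op.lower() == "stringequals" for key in cond}
        if "saml:sub" not in pinned_keys:
            findings.append(stmt)
    return findings

if __name__ == "__main__":
    weak = trust_policy()
    pinned = trust_policy({"alice@example.com", "bob@example.com"})  # constructed users
    print(json.dumps(pinned, indent=2))
    print("unpinned statements in weak policy:", len(statements_without_subject_pin(weak)))
    print("unpinned statements in pinned policy:", len(statements_without_subject_pin(pinned)))
```

With the pin in place, assigning another user to the role in Okta or Active Directory does not let that user assume it unless the trust policy itself is also changed in AWS.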