Is it possible to add a condition to the Role policy on AWS so that only specific users will be able to log in to it (through Okta federation)? The purpose is to prevent someone with Active Directory permissions, or with admin permissions in the Okta console, from assigning himself to an admin group in AWS. So when he assigns himself to the role it won't work, since the user is not included in the policy.
Hi Yarin, you can assign specific AWS roles to Okta users, which can limit their access to AWS. You can find details on how this can be configured in our AWS and Okta Integration Guide (https://support.okta.com/help/servlet/fileField?retURL=/help/articles/Knowledge_Article/Amazon-Web-Services-and-Okta-Integration-Guide&entityId=ka0F0000000MeyyIAC&field=File_Attachment__Body__s). If you have any further questions specific to your integration, I suggest you open a case with our support team.