We are constantly experiencing short (15 min) session timeouts for the AWS integration. According to AWS support, this is set via the "DurationSeconds" parameter within the "AssumeRoleWithSAML" API call that Okta makes. Has anyone else had a similar issue, and is there any way to change it?
It appears that's the default, as well as the maximum value of the credential lifetime when using AssumeRoleWithSAML. Here is a link that has more info; look for the heading "Comparing the AWS STS APIs": http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
In case anyone here wasn't aware, AWS just released an update to the session timeout settings for SAML logins. You can read about it here: http://blogs.aws.amazon.com/security/post/Tx3GL3IZE3FIGB6/Enable-Your-Federated-Users-to-Work-in-the-AWS-Management-Console-for-up-to-12-H. I'm going to be doing some testing with my setup to see if I can implement this with the current setup, but I think it would be great for Okta to jump on this and add it as an option.
Okta added a feature to address this in late 2016. Please search for "Session Duration" in the release notes for the 2016-46 release for instructions on how to set your AWS session duration: https://support.okta.com/help/Documentation/Knowledge_Article/Okta-Preview-Sandbox-Release-2016-46
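One way to confirm that the IdP is actually sending a session duration, as an added example that is not part of the original thread or Okta's code: it decodes the base64 SAMLResponse posted to AWS and checks the SessionDuration attribute. The attribute name and the 900 to 43200 second range are taken from AWS documentation rather than this thread; the function names and sample responses are constructed here.

```python
import base64
import xml.etree.ElementTree as ET

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SESSION_DURATION = "https://aws.amazon.com/SAML/Attributes/SessionDuration"
MIN_SECONDS, MAX_SECONDS = 900, 43200  # 15 minutes to 12 hours, per AWS docs


def session_duration(saml_response_b64):
    """Return (seconds, status) for a base64 SAMLResponse form value."""
    # Intended for responses from your own IdP; use defusedxml for untrusted XML.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    values = [
        (value.text or "").strip()
        for attr in root.iter(f"{{{ASSERTION_NS}}}Attribute")
        if attr.get("Name") == SESSION_DURATION
        for value in attr.iter(f"{{{ASSERTION_NS}}}AttributeValue")
    ]
    if not values:
        return None, "absent"  # AWS then applies its default lifetime
    if len(values) != 1 or not values[0].isdecimal():
        return None, "malformed"
    seconds = int(values[0])
    if not MIN_SECONDS <= seconds <= MAX_SECONDS:
        return seconds, "out-of-range"
    return seconds, "ok"


def constructed_response(duration=None):
    """Build a minimal, unsigned sample response (constructed test data)."""
    attr = ""
    if duration is not None:
        attr = (f'<saml:Attribute Name="{SESSION_DURATION}">'
                f"<saml:AttributeValue>{duration}</saml:AttributeValue>"
                "</saml:Attribute>")
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           f'xmlns:saml="{ASSERTION_NS}"><saml:Assertion>'
           f"<saml:AttributeStatement>{attr}</saml:AttributeStatement>"
           "</saml:Assertion></samlp:Response>")
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    for sample in (None, "43200", "300", "12h"):
        print(sample, session_duration(constructed_response(sample)))
```

The SAMLResponse value can be copied from the browser's network trace of the sign-in POST to AWS; treat it as a credential while it is still within its validity window.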
@Sohaib - Did you get this working for CLI use? Or is this (as is hinted by the title of the AWS blog post further up) only for Console access? Our devs are hating Okta more and more each day thanks to the default and seemingly unchangeable 1 hour timeout.