<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
AWS Account Federation API Integration Error "Cannot connect. Please Ensure all Details are Set Correctly"
Jan 22, 2026
Okta Integration Network
Overview

When performing Test API Credentials for "AWS Account Federation" API integration, the following integration error is encountered:

Cannot connect. Please ensure all details are set correctly.
 

Error

Applies To
  • AWS Account Federation
  • Provisioning
  • Error
Cause

This error appears when:

  • The credentials (Access Key or Secret key) used to create the API connection are invalid.
  • Some Connected Accounts IDs for creating the API connection are invalid or inactive.
  • Identity Provider ARN on the Sign-On tab is incorrect. 
Solution

  1. Go to Okta Admin Console and navigate to Applications > AWS Account Federation > Provisioning > Integration.

  2. Click Edit and complete these fields (Refer to Configure the Amazon Web Services Account Federation app in Okta).

  • API URL (optional): This field is optional. Enter the API URL. If the Environment Type is listed, this field does not need to be filled out. If the Environment Type is not listed in the drop-down, enter the API URL here. To find the environment's API URL, please contact AWS.

  • Access Key: Paste the valid access key that was copied.

  • Secret Key: Paste the valid access key that was copied.

  • Connected Accounts IDs (option l): Optional: Provide a comma-separated list of all the connected accounts' IDs. This can be found in each AWS account from the My Accounts page in the top-left-hand corner of the AWS Console.
    NOTE: If an AWS instance is configured to use the Amazon AWS IAM role as the Sign On mode and an optional child account is removed from that instance, its role provisioning will be deleted, and an event will appear in the System Log.

  1. Click Test API Credentials, verify the successful connection, and click Save.

If the Access Key and Secret Key are correct, and the error message is still being thrown:

  1. Go to the Identity Provider section in the AWS Console and locate the Okta-created Identity Provider.
  2. Click on the Okta Identity Provider, and copy the Provider ARN value.
  3. Within the Okta Admin Console, navigate back to the Sign-On tab for the AWS application.
  4. Scroll to Advanced Sign-On Settings and paste the above copied Provider ARN value in the Identity Provider ARN (Required only for SAML SSO) field.  
  5. Confirm and validate the format (not the values) matches arn:aws:iam::111111111111:saml-provider/acme. 


Related References

Recommended content

Still looking for help?
Loading
AWS Account Federation API Integration Error "Cannot connect. Please Ensure all Details are Set Correctly"