When adding a new IAM role or renaming existing IAM roles in Amazon Web Services (AWS), the changes are not reflected in the Okta User Assignments page.
Steps to reproduce the issue:
- Create a new IAM role in AWS, for example a role named "AWSNewTestRole".
- Go to the Assignments tab in the Okta AWS Account Federation app, click the pencil icon to open the Edit User Assignment page, and check the Role dropdown. The new role "AWSNewTestRole" is missing.
Applies to:
- Amazon Web Services (AWS) Account Federation
- Provisioning
When new IAM roles are added or existing IAM roles are renamed in AWS, the changes are not reflected in the Okta User Assignments screen because Okta is still working from the application data it imported earlier. That application data has not been updated in Okta and needs to be refreshed.
Use one of the following methods:
Method 1
Go to the Okta Admin Console, navigate to Applications > Applications, click More, and select Refresh Application Data. Note that this triggers an import of application data for every application configured with Provisioning, not only AWS Account Federation. Okta downloads the latest roles, profiles, and groups from all apps configured for user provisioning and uses this data when creating new users in those apps.
Method 2
Re-authenticate the API credentials you use for provisioning to/from AWS. This causes Okta to download and update the application data, and it refreshes the application data for AWS Account Federation only:
- Go to the Okta Admin Console and navigate to Applications > Applications > AWS Account Federation > Provisioning > Integration, then click the Edit button.
- Verify that the AWS Account Federation credentials are correct, click Test API Credentials, then click Save.
- Afterward, go to the Assignments tab in the AWS Account Federation app, click the pencil icon to open the Edit User Assignment page, and check the Role dropdown to confirm that the new IAM role "AWSNewTestRole" is now available.
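Before running either method, and again after the refresh, it helps to reconcile the role names that actually exist in the AWS account against the names the Okta Role dropdown offers: a role present in AWS but absent from Okta is the symptom this article describes, while a name Okta still offers that no longer exists in AWS (renamed or deleted) points to assignments that can no longer grant access and should be cleaned up. The script below is an added example, not Okta's or AWS's own code. It assumes the JSON shape returned by `aws iam list-roles` (the real CLI and boto3 shape; the sample document is constructed) and takes the Okta-side role names as a plain list copied from the dropdown, since no Okta API call is shown on this page.

```python
"""Reconcile IAM role names in AWS against the roles Okta currently offers.

Added example (not Okta's or AWS's code). Assumptions:
  * AWS input has the `aws iam list-roles` JSON shape:
    {"Roles": [{"RoleName": ..., "Arn": ...}, ...]}
  * OKTA_ROLE_NAMES is whatever the admin sees in the Edit User Assignment
    Role dropdown, copied by hand (constructed here).
"""
import json

# Constructed sample, shaped like `aws iam list-roles --output json`.
SAMPLE_AWS_LIST_ROLES = json.dumps({
    "Roles": [
        {"RoleName": "AWSNewTestRole",
         "Arn": "arn:aws:iam::123456789012:role/AWSNewTestRole"},
        {"RoleName": "ReadOnlyAuditor",
         "Arn": "arn:aws:iam::123456789012:role/ReadOnlyAuditor"},
        # Service-linked role: only the AWS service principal can assume it,
        # so it is never a valid federation target and is filtered out below.
        {"RoleName": "AWSServiceRoleForSupport",
         "Arn": "arn:aws:iam::123456789012:role/aws-service-role/"
                "support.amazonaws.com/AWSServiceRoleForSupport"},
    ]
})

# Constructed: what the Okta Role dropdown showed before the refresh.
# "OldTestRole" was renamed to "AWSNewTestRole" in AWS, so Okta still
# carries the stale name and does not yet know the new one.
OKTA_ROLE_NAMES = ["ReadOnlyAuditor", "OldTestRole"]


def parse_list_roles(raw_json):
    """Return the set of RoleName values from list-roles JSON, skipping
    service-linked roles (ARN path /aws-service-role/)."""
    doc = json.loads(raw_json)
    names = set()
    for role in doc.get("Roles", []):
        if ":role/aws-service-role/" in role.get("Arn", ""):
            continue
        names.add(role["RoleName"])
    return names


def reconcile(aws_role_names, okta_role_names):
    """Compare the AWS view with the Okta view.

    missing_in_okta: exists in AWS, not offered by Okta -> app data is stale,
                     run one of the refresh methods above.
    stale_in_okta:   offered by Okta, absent in AWS -> renamed or deleted;
                     user assignments to it no longer grant anything.
    """
    aws = set(aws_role_names)
    okta = set(okta_role_names)
    return {
        "missing_in_okta": sorted(aws - okta),
        "stale_in_okta": sorted(okta - aws),
        "needs_refresh": bool(aws ^ okta),
    }


def fetch_aws_roles_json():
    """Live variant (needs boto3 and AWS credentials; not used offline).
    Pages through list_roles so accounts with many roles are fully covered."""
    import boto3  # imported lazily so the offline sample runs without it
    iam = boto3.client("iam")
    roles = []
    for page in iam.get_paginator("list_roles").paginate():
        roles.extend(page["Roles"])
    # default=str handles the CreateDate datetime fields in the live response
    return json.dumps({"Roles": roles}, default=str)


if __name__ == "__main__":
    report = reconcile(parse_list_roles(SAMPLE_AWS_LIST_ROLES), OKTA_ROLE_NAMES)
    print(json.dumps(report, indent=2))
```

Run it once with the dropdown contents captured before the refresh and once after: after a successful refresh, "missing_in_okta" should be empty; anything left in "stale_in_okta" is an old role name whose user assignments should be moved to the renamed role and then removed. Service-linked roles are filtered out deliberately so they do not show up as false "missing" entries.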
