Troubleshooting "Login denied" Error for Amazon WorkSpaces RADIUS App in Okta

Jan 16, 2026

Integrations

Okta Classic Engine

Multi-Factor Authentication

Okta Identity Engine

Overview

When adding and assigning the Amazon WorkSpaces RADIUS app from Okta's catalog (OIN), administrators may encounter the following error message. This article provides steps to troubleshoot this issue.

Login denied. No matching user is assigned to RADIUS App Amazon WorkSpaces.

Applies To

OIN - Amazon WorkSpaces App
Single Sign On (SSO)
Multi-Factor Authentication (MFA)

Cause

This error message typically occurs when the username format used in Okta does not match the requirements of the AWS WorkSpace. This can cause a mismatch between the username provided by Okta and the username required by AWS WorkSpace, leading to the Login denied error.

Solution

To troubleshoot this issue, follow these steps:

Confirm the correct username format: If the AWS WorkSpace requires a SAM account, ensure that the same format in Okta is selected by going to Amazon WorkSpaces App > Sign On > Application username format.
Unassign and re-assign users: Click on the Assignments tab, unassign all users, and then re-assign them with the correct matching usernames.
Validate the configuration: Launch the WorkSpaces RADIUS app and attempt to log in to verify that the issue has been resolved.

Your Privacy

Your Privacy

Strictly Necessary Cookies

Strictly Necessary Cookies

Functional Cookies

Functional Cookies

Performance Cookies

Performance Cookies

Share or Sell of Personal Data

Share or Sell of Personal Data

Advertising Cookies

Your Privacy

Your Privacy

Strictly Necessary Cookies

Strictly Necessary Cookies

Functional Cookies

Functional Cookies

Performance Cookies

Performance Cookies

Share or Sell of Personal Data

Share or Sell of Personal Data

Advertising Cookies