This article addresses the situation in which Multi-Factor Authentication (MFA) does not work when signing into AWS Workspaces with RADIUS agents.
- AWS Workspaces
- RADIUS
- Okta Classic Engine
- Make sure that the specific port set up for the RADIUS agent has been allowed in the firewall.
  - Allow the designated port number (commonly 1812) for both UDP and TCP.
- If an MFA sign-on policy is set within the application settings in Okta, it will not work. Instead, set a specific group for the AWS Workspace application assignment and apply this group to an MFA security rule (details below):
- Navigate to Directory > Groups and click Add Group. Add a name and a description specifically for those who will be assigned the AWS WS application.
- Navigate to Security > Multifactor.
- Click Add multifactor policy and populate the relevant fields (name and description). In the group field, type and find the newly created group, and set Okta Verify as required.
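To confirm the firewall step after the policy is in place, the following added example (not Okta or AWS code) sends a single RFC 2865 Access-Request to the RADIUS agent over UDP and reports whether a validly signed reply came back. It assumes PAP authentication and that the agent accepts requests from the machine running it; the host name, test user, password and shared secret are placeholders.

```python
import hashlib, os, socket, struct

CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """User-Password hiding from RFC 2865 section 5.2 (MD5 chained XOR)."""
    size = max(16, (len(password) + 15) // 16 * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user, password, secret, ident, authenticator):
    """Access-Request (code 1) carrying User-Name (1) and User-Password (2)."""
    attrs = b""
    for atype, value in ((1, user), (2, hide_password(password, secret, authenticator))):
        attrs += struct.pack("!BB", atype, len(value) + 2) + value
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def classify_reply(reply: bytes, request: bytes, secret: bytes) -> str:
    """Check the identifier and Response Authenticator, then name the reply code."""
    if len(reply) < 20 or reply[1] != request[1]:
        return "malformed or mismatched reply"
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if reply[4:20] != expected:
        return "reply authenticator mismatch (check the shared secret)"
    return CODES.get(reply[0], f"unexpected code {reply[0]}")

def probe(host, port, user, password, secret, timeout=5.0):
    """Send one Access-Request over UDP and report what, if anything, came back."""
    request = build_access_request(user, password, secret, os.urandom(1)[0], os.urandom(16))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(request, (host, port))
            reply, _ = sock.recvfrom(4096)
        except OSError:  # includes socket.timeout
            return "no reply (unreachable host, filtered port, or request dropped by the agent)"
    return classify_reply(reply, request, secret)

if __name__ == "__main__":
    # Placeholder values: replace with your RADIUS agent host, test user and shared secret.
    print(probe("radius-agent.example.internal", 1812, b"test.user", b"placeholder", b"shared-secret"))
```

Any named reply code shows that UDP traffic on the port passes the firewall in both directions; run it with a dedicated test account, since it is a real sign-in attempt.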
Related References
For further information on the above and a more in-depth overview of setting up AWS Workspace with MFA via Okta, see the well-written article created by AWS.
