<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content

AWS Workspaces: MFA Does Not Work

Okta Classic Engine
Multi-Factor Authentication

Overview

This article addresses the situation in which Multi-Factor Authentication (MFA) does not work when signing into AWS Workspaces with RADIUS agents.

Applies To

  • AWS Workspaces
  • RADIUS
  • Okta Classic Engine

Solution

  1. Make sure that the specific port setup for the RADIUS agent has been entered into the firewall.
    • Specific port for both UDP and TCP using the designated port number (commonly 1812).
  2. If an MFA sign-on policy within the application settings on Okta is set, it will not work. Set a specific group for the AWS Workspace application assignment and apply this group to an MFA security rule (check below for details):

    1. Navigate to Directory > Groups and click Add Group. Add a name and a description specifically for those who will be assigned the AWS WS application.

    2. Navigate to Security > Multifactor.

    3. Click Add multifactor policy and populate the relevant fields (name and description). In the group field, type and find the newly created group, and set Okta verify as required.

Related References

Loading
Okta Support - AWS Workspaces: MFA Does Not Work