- Okta Identity Engine (OIE)
- Okta Classic Engine
- AWS CLI
The goal of these steps is to stage as much as possible pre-upgrade so that manual intervention is not needed post-upgrade. This will allow admins to set up any necessary policy requirements for a smooth transition.
This test shows that the tool can authenticate and authorize successfully but cannot yet fulfill the grant type introduced in the Okta Identity Engine framework.
- Create a native OIDC app in the Okta Classic org alongside the existing SAML apps, and set up the CLI client on desktops. The OIDC Native Application requires the grant types Authorization Code, Device Authorization, and Token Exchange. These settings are in the Okta Admin UI under Applications > [the OIDC app] > General Settings > Grant type. See the readme for more information.
- The configuration is technically correct. However, an "Error" is displayed because the org is not yet upgraded:
"org.okta.com" is a Classic org, okta-aws-cli is an-OIE only tool
After upgrading to OIE, the AWS CLI should automatically start working end to end, functioning as expected where it previously failed.
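A pre-upgrade check for the staging step above, as an added example that is not from the original article or the okta-aws-cli project. It inspects the app JSON in the shape the Okta Apps API returns (`GET /api/v1/apps/{id}`) for the three required grant types, and reads the engine from the `pipeline` field of `/.well-known/okta-organization`. The sample data is constructed, the function names are hypothetical, and the response field names are assumptions about those two endpoints.

```python
# Grant types the article requires on the native OIDC app, written as the OAuth
# identifiers assumed to appear in settings.oauthClient.grant_types.
REQUIRED_GRANTS = {
    "Authorization Code": "authorization_code",
    "Device Authorization": "urn:ietf:params:oauth:grant-type:device_code",
    "Token Exchange": "urn:ietf:params:oauth:grant-type:token-exchange",
}

def staging_gaps(app):
    """Return a list of problems with the staged OIDC app (empty list = staged)."""
    gaps = []
    if app.get("signOnMode") != "OPENID_CONNECT":
        gaps.append("app is not an OIDC app")
    client = app.get("settings", {}).get("oauthClient", {})
    if client.get("application_type") != "native":
        gaps.append("application type is not Native")
    granted = set(client.get("grant_types", []))
    for label, value in REQUIRED_GRANTS.items():
        if value not in granted:
            gaps.append("missing grant type: " + label)
    return gaps

def org_engine(org_meta):
    """Map the assumed 'pipeline' field to an engine name: idx = OIE, v1 = Classic."""
    return {"idx": "OIE", "v1": "Classic"}.get(org_meta.get("pipeline"), "unknown")

def readiness(app, org_meta):
    """Combine both checks into one status line for a pre-upgrade report."""
    gaps = staging_gaps(app)
    if gaps:
        return "NOT STAGED: " + "; ".join(gaps)
    if org_engine(org_meta) == "OIE":
        return "READY: app is staged and the org is on OIE"
    return "STAGED: app is configured; the Classic org error is expected until the upgrade"

# Constructed sample: a native OIDC app where Token Exchange was not ticked.
SAMPLE_APP = {
    "signOnMode": "OPENID_CONNECT",
    "settings": {"oauthClient": {
        "application_type": "native",
        "grant_types": ["authorization_code",
                        "urn:ietf:params:oauth:grant-type:device_code"],
    }},
}
SAMPLE_ORG = {"pipeline": "v1"}  # constructed: a Classic org before the upgrade

if __name__ == "__main__":
    print(readiness(SAMPLE_APP, SAMPLE_ORG))
```

Running the check against each staged app before the upgrade window separates a misconfigured app from the expected Classic org error.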
