
MohammadD.22404 (Customer) asked a question.
Hello,
Hope you are doing well.
I'm trying to get our new AWS Client VPN setup to restrict access to certain CIDRs by group name, and I'm using authorization rules to test.
I created the AWS Client VPN application and then forgot to set up memberOf to match *. Once I added that, I see that it allows everything, even if I try to restrict it from the AWS Client VPN endpoint rules. Am I doing something wrong here?
Setup : AWS cVPN < > Okta
I don't see any references to this working with Okta; all examples refer to AWS SSO, and the setup manual only mentions Okta, but that does not work: it either denies access when the memberOf match is not set to * or allows everything.
Appreciate your help in advance

Hi @MohammadD.22404 (Customer),
Thank you for posting on the Okta community page!
I have done some research and, based on the below documentation, when adding “.*” as a value for the memberOf option, Okta will send all the groups (group membership information):
If you would like to send just certain group membership information, you can use the following example: “.*groupA.*|.*groupB.*|.*groupC.*|.*groupD.*”. This will send only the groups A, B, C and D.
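The following is an added illustration, not code from Okta or AWS: it models the memberOf regex filter discussed in the answer above (assuming Okta's "Matches regex" filter requires a full match, which is why the recommended pattern wraps each name in `.*`) and a simplified model of Client VPN authorization rules, where rules are additive and any rule covering the destination grants access. The group names, CIDRs and rules are constructed samples.

```python
import re
import ipaddress

# Constructed sample of one user's Okta group memberships.
USER_GROUPS = ["Everyone", "vpn-groupA", "vpn-groupB", "finance-groupC", "admins"]

# Constructed sample of Client VPN authorization rules:
# (destination CIDR, access group ID or None for "allow access to all users").
RULES = [("10.0.1.0/24", "vpn-groupA"), ("10.0.2.0/24", "vpn-groupB")]


def okta_group_filter(groups, pattern):
    """Model of the Okta 'Matches regex' group attribute filter (assumption).

    Only groups whose whole name matches the pattern are placed in the SAML
    memberOf attribute, so an unanchored name like 'groupA' sends nothing.
    """
    rx = re.compile(pattern)
    return [g for g in groups if rx.fullmatch(g)]


def vpn_authorized(asserted_groups, rules, dest_ip):
    """Simplified model (assumption, not AWS code) of authorization rules.

    Rules are additive: access is granted if any rule whose CIDR contains
    dest_ip either allows all users or names a group present in the assertion.
    A broad allow-all rule therefore makes group-scoped rules ineffective.
    """
    ip = ipaddress.ip_address(dest_ip)
    for cidr, group in rules:
        if ip in ipaddress.ip_network(cidr):
            if group is None or group in asserted_groups:
                return True
    return False


if __name__ == "__main__":
    # '.*' sends every group, including ones unrelated to the VPN.
    print(okta_group_filter(USER_GROUPS, ".*"))
    # Restrict the assertion to the named groups only.
    print(okta_group_filter(USER_GROUPS, ".*groupA.*|.*groupB.*"))
    # An unanchored name does not pass a full-match filter.
    print(okta_group_filter(USER_GROUPS, "groupA"))
    sent = okta_group_filter(USER_GROUPS, ".*groupA.*")
    print(vpn_authorized(sent, RULES, "10.0.1.5"))  # group-scoped: allowed
    print(vpn_authorized(sent, RULES, "10.0.2.5"))  # not in groupB: denied
    broad = RULES + [("10.0.0.0/16", None)]
    print(vpn_authorized(sent, broad, "10.0.2.5"))  # allow-all rule wins
```

When checking an endpoint that "allows everything", list its authorization rules and look for an allow-all entry whose CIDR covers the restricted ranges, and compare the group IDs in the rules with the exact values the SAML assertion carries.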