Create User in Okta
In this use case, we will create a new user in Okta and provide access to AWS IAM Identity Center.
Why manage users directly in Okta?
Managing users directly in Okta solves the challenge when organizations want to provide access to AWS Ressources to partners, but don’t want to create them in AD.
Configuration Steps
To create a new user in Okta, go to Directory -> People and click on Add person.
Enter the information about the user. To provide access to AWS, start entering the group name of AWS ViewOnlyAccess and select it. Make sure Activate now is selected. This will activate the user in Okta and an Email to set the initial password is sent to the user. Click on Save.
If you don’t select Activate now, Okta creates the User in a Staged state and you must activate it manually. Additional user attributes can be set in the Profile Tab of the user.
Click on the link in the activation email and set the password.
Logout with your current user or open a new incognito browser. Login with the new user as described in the chapter Test from Okta or AWS. You will be prompted to enroll your MFA and because we only assigned one group, you will only have access to ViewOnlyAccess. (Screenshot will also PowerUserAccess)
Clean Up
To disable the user and remove access to AWS IAM Identity Center, go to Directory -> People and click on the user name.
Click on More Actions and Deactivate. Confirm the deactivation in the dialog.
Okta deactivates users in the first place because deleting a user can have a big impact e.g. what happens with the personal files of the user in a cloud drive, that is integrated with Okta? Should the manager get access to the files, or should the files be deleted? To automate the full user journey, Okta has a no-code Workflow Engine to define fine granular actions.
If you want to delete the user, click on the button Delete in the user profile that is shown after deactivation.
