2FA for Okta

This article will explain the process of setting up Okta as a SAML IdP in an Amazon Cognito user pool.

Pre-requisites

1. Contact Litera DevOps before starting your 2FA authentication project. There are steps they need to perform first. You can also reach to support@litera.com to get their contact info.

Items to send to Litera

1. Identity Provider metadata hyperlink in Step Get the IDP Metadata

Steps

Create a SAML app in Okta

1. Go into the Okta developer console and under Shortcuts, choose Add Applications. Or, choose Applications, and then choose Add Application.

2. Click Create New App

3. Choose Platform as Web

4. For the Sign-on method, choose SAML 2.0.

Configure SAML Integration in Okta App

1. On the Create SAML Integration page, under General Settings, enter a name for your app.

2. Choose Next.

3. Under GENERAL, for Single sign on URL, enter https://yourDomainPrefix.auth.region.amazoncognito.com/saml2/idpresponse.
   NOTE: Replace yourDomainPrefix and region with the values for your user pool

4. For Audience URI (SP Entity ID), enter urn:amazon:cognito:sp:yourUserPoolId.
   NOTE: Replace yourUserPoolId with your Amazon Cognito user pool ID.

5. Leave Name ID format as Unspecified

6. Set Application username as Email

7. Under ATTRIBUTE STATEMENTS (OPTIONAL) set the following (set the Name format as URI reference for all):

8. Click Next and Click Finish

Assign users to the Okta application

1. On the Assignments tab for your Okta app, for Assign, choose Assign to People

2. Next to the user that you want to assign, choose Assign

3. Choose Save and Go back. Choose Done.

Get the IDP metadata for the Okta application

1. On the Sign On tab for your Okta app, find the Identity Provider metadata hyperlink. Right-click the hyperlink, and then copy the URL and send the URL over to Litera DevOps.

Open