Okta And AWS: Your All-Access Pass

Transcription

eBook, April 2021

Okta and AWS: Your All-Access Pass

Integrating Okta’s Identity Cloud with AWS gives your teams the secure access they need—so you can treat them like the rock stars they are.

Contents

Okta and AWS: Perfect Partners
How Okta and AWS Integrate
Accelerating Cloud Migration
The “Six Rs” of Cloud Migration
Leveraging Managed AD
Bonus: Support for DevOps
Okta and AWS: Joint Solution Benefits

Enterprises are currently undergoing high-level initiatives around digital transformation, migrating assets and processes to the cloud in order to support corporate agility and modernize IT and security. The process can reduce the costs of infrastructure management and maintenance, remove legacy identity as a constraint, reduce IT spend on expensive client access licenses, and simplify and secure user access—especially remote user access—to IT services across cloud and on-premises assets.

Okta and AWS combine to support safely moving any workload type to the cloud. As the world’s new work-from-home reality has multiplied user identities and cloud projects, IT teams are often spending more and more time managing AWS users, accounts, and roles. But using Okta to manage AWS resources allows you to leverage existing credentials and give an entire workforce—wherever they are, whatever device they’re using—the access they need to their AWS resources at every point in the employee lifecycle.

Okta and AWS: Perfect Partners for Accelerating Cloud Migration

Zero Trust Secure Access

The Okta Identity Cloud is a leading cloud-based identity platform that cloudifies a company’s identity infrastructure as part of a broader modernization of IT. Moving identity to the cloud allows for secure, appropriate user access to SaaS, public cloud, and premises-based applications from anywhere in the world via trusted endpoints.

Cloud Infrastructure and Services

AWS provides a massive global cloud infrastructure that allows you to quickly innovate, experiment and iterate. Instead of waiting weeks or months for hardware, you can instantly deploy new applications, instantly scale up as your workload grows, and instantly scale down based on demand.

Okta and AWS Secure the Simple Access Your Teams Need

The Okta and AWS integration lets enterprises centralize AWS access control, simplify account administration, and accelerate cloud migration. Confidently leverage existing identity information (from your Active Directory or LDAP credentials, or from solutions like Workday and Ultipro) as the foundation for automating cloud access. Users simply sign in once through Okta’s familiar interface—backed with strong adaptive Multi-Factor Authentication—and are authenticated directly into their AWS SSO user portal, where they can access all of their AWS accounts and resources. DevOps teams can optionally authenticate within the Command Line Interface (CLI) instead of the SSO view.

Across the employee lifecycle, as each individual’s roles, groups, or status change, this information flows into Okta and AWS and their access evolves accordingly, with no extra burden on IT teams to keep up with changes. Organizations can go further, automating the assignment and ongoing management of AWS entitlements as part of defined Okta Workflows, tapping into the granular capabilities of your tech stack without burdening your IT team with manual provisioning and reprovisioning.

The Okta and AWS integration lets security teams apply strong MFA to secure access to AWS resources, gives audit teams additional support for compliance, with certifications including FedRAMP ATO, FIPS 140-2, HIPAA, and provides support for PIV/CAC authentication for government entities. Developers and DevOps teams can allow partner or customer employees to authenticate with existing credentials, can authorize granular access or temporary permissions to an AWS app build, can use the AWS Command Line Interface (CLI), and can secure app access with MFA everywhere.

[Diagram labels: SCIM Automated Provisioning; SAML Single Sign-On (SSO); AWS SSO; AWS Account 1 and AWS Account 2, each with User, Projects, Resources]

Accelerating Cloud Migration with Okta and AWS

For a lot of enterprises, migrating on-premises enterprise apps and resources to more efficient cloud solutions was once a long-term goal. That timetable has rapidly accelerated, thanks to a shift to dynamic hybrid workforces plus increased demand for high quality digital employee and customer experiences. Today, migrating your applications to the cloud—quickly, safely, and efficiently—is a higher priority than ever.

In the new normal, enterprises need to support flexible workforces that can work from anywhere, at any time, on any device. Organizations need centralized control over access, and the ability to be able to quickly scale operations up or down as these workforces and their projects fluctuate. And they need to provide frictionless experiences across channels, for their workforces as well as for their customers. In this way, businesses can encourage customer engagement, create new revenue opportunities, secure employee loyalty, and build trust.

The key to making it happen: smart, safe, and efficient cloud migration with Okta and AWS.

“AWS is an essential element of our cloud deployment strategy. AWS enables scale, flexibility and resiliency—and Okta enables us to manage access for our large population of AWS users effectively and efficiently.”
—Lee Congdon, CIO at Ellucian

“Moving to Okta has allowed us to take some of our best and brightest engineers, who were working hard on solving the identity problem, and let them not have to worry about it. Those teams are now able to develop new features, improve personalization, build Cengage’s subscription service, and improve the student learning experience.”
—George Moore, Chief Technology Officer at Cengage

“We use Okta to secure our departments’ entire development environment. That includes our AWS login, multiple AWS accounts, our secure login, and continuous integration and development tools.”
—Friedrich Gloeckner, Team Lead Architecture and Software Development at Siemens Mobility Services

“Instead of paying 170,000 in Active Directory user CALs, I’m paying a fraction of the cost in subscriptions for cloud services. Okta makes this huge cost savings possible.”
—Mike Hincks, Director of IT Infrastructure at Vivint Solar

How Okta and AWS Support the “Six Rs” of Cloud Migration

Okta and AWS streamline your shift to cloud, no matter which of the six standard strategies your cloud migration plan ain

“Lift-and-shift” an application and its workloads to run in the cloud. Okta and AWS bring new efficiency to rehosting scenarios with centralized, identity-based access decisions.

Start from scratch to re-code high-priority business-critical systems. Dev teams using AWS’s elastic infrastructure will appreciate being able to sign in once to multiple resources.

Update some app components while retaining the core source code. This integration gives your users intuitive Single Sign-On access to your cloud-enabled apps, protected by strong MFA.

Replace old/outdated apps with best-of-breed, cloud-first solutions. Access to those varied solutions is easy and secure with Okta’s role and group-based identity management.

Optimize an app’s underlying architecture to fully embrace cloud. Building in support for Okta’s modern identity protocols like OpenID Connect and OAuth will keep access secure.

Leave some core/sensitive apps as is or delay for a later retirement. You can add a Zero Trust identity layer to protect those legacy apps as well, for as long as you keep them.

Leveraging AWS Managed Microsoft AD with Okta

[Diagram labels: SaaS; Directory Sync; Identity Cloud; Okta AD Agent; Trust Relationship; AWS Managed Microsoft AD; On Premises Apps; Active Directory; Okta Advanced Server Access; Okta Access Gateway; AWS Single Sign-On (SSO); Customer Premise; Amazon Managed Services; EC2, with AD; Amazon EC2, no AD; AWS Mgmt Console; AWS CLI; AWS Services]

AWS Directory Service for Microsoft Active Directory enables companies to run directory-aware workloads in the AWS Cloud, including Microsoft SharePoint and custom .NET and SQL Server-based applications. It also provides seamless access to AWS services such as Amazon RDS for SQL Server and Amazon FSx for Windows File Server. AWS Managed AD can be run standalone—as a company’s only AD environment—or can be an extension of a company’s legacy on-premises identity infrastructure. Here’s how Okta and AWS work together to support three specific deployment scenarios.

Adding Okta Identity Cloud when Extending an Existing AD Infrastructure into AWS via AWS Managed Microsoft AD

In this scenario, organizations with legacy, premise-based AD instances are extending their AD environment into AWS in support of workload migration to the cloud or to support the use of AWS services like Amazon RDS for SQL Server and Amazon WorkSpaces.

Adding Okta Identity Cloud to an Existing AWS Managed Microsoft AD Deployment that’s the Primary Domain

In this scenario, organizations are using AWS Managed Microsoft AD as their primary AD environment, connecting any limited premise-based infrastructure to AWS Managed Microsoft AD.

Adding AWS Managed Microsoft AD to an Existing Okta Identity Cloud Deployment

In this scenario, a customer is already using the Okta Identity Cloud, and has made the investment in cloudifying their identity infrastructure. The majority of customers are using Okta to abstract identities away from Active Directory, connect all SaaS to Okta, and automate user lifecycle management with Okta.

For more details on these deployments, please check out okta.com

Bonus: Support for DevOps and Developers

Developers will additionally benefit from the efficiencies of the Okta and AWS SSO integration thanks to support for the AWS Command Line Interface (CLI). The AWS CLI is a powerful tool that enables developers and DevOps teams to manage multiple AWS services and automate commands via scripting. With the Okta and AWS SSO integration, developers can now sign in with their Okta credentials and Okta Multi-Factor Authentication (MFA).

With AWS CLI v2 support for AWS Single Sign-On, AWS CLI profiles can be linked to AWS SSO accounts, allowing Okta to act as the external identity provider. They just initiate SSO authentication from CLI, sign in with Okta credentials including MFA, and they’re seamlessly authorized to all their AWS accounts and roles, all without leaving the Command Line Interface. This gives developers a secure and seamless Okta login experience, quickly getting them in to focus on building apps.

Step 1: Initiate SSO authentication from CLI
Step 2: Sign-in with Okta credentials MFA
Step 3: You’re authorized to AWS accounts and roles!

Okta and AWS: Joint Solution Benefits

Provide seamless access into AWS apps, accounts, and resources from any device

Leverage existing HR credentials to automate AWS provisioning, saving countless hours for IT

Adopt a Zero Trust security posture that keeps cloud resource access secure at scale

Extend this secure, seamless experience to customers, partners, resellers, and other parties

Support a remote or hybrid workforce with anywhere, anytime access to appropriate AWS cloud resources

Centralize access administration for IT, and reduce manual access management tasks while keeping enterprise resources safe

Accelerate cloud migration, increase team productivity, shorten time to value for new hires, and gain efficiencies

Okta and AWS establish the zero trust, simplified access, and centralized controls that let enterprises confidently accelerate their cloud migration.

With Okta and AWS, enterprises can leverage their existing identity information and automate access for their remote and hybrid workforces. Users simply sign in once through Okta’s familiar interface—backed with strong adaptive Multi-Factor Authentication—and are authenticated directly into their AWS SSO user portal, where they can access all of their AWS accounts and resources. Across the employee lifecycle, as each individual’s roles, groups, or status change, this information flows into Okta and AWS and their access evolves accordingly, with no extra burden on IT teams to keep up with changes.

Centralize AWS access control, simplify account administration, and get remote and on-premises workers quickly to the resources they need, with Okta and AWS.

Accelerate your cloud migration with Okta and AWS.

Visit Okta in AWS Marketplace

About Okta

Okta is the leading independent identity provider. The Okta Identity Cloud enables organizations to securely connect the right people to the right technologies at the right time. With more than 7,000 pre-built integrations to applications and infrastructure providers, Okta provides simple and secure access to people and organizations everywhere, giving them the confidence to reach their full potential. More than 10,000 organizations, including JetBlue, Nordstrom, Siemens, Slack, T-Mobile, Takeda, Teach for America, and Twilio, trust Okta to help protect the identities of their workforces and customers. Learn more at www.okta.com

About Amazon Web Services (AWS)

Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 175 fully featured services globally. Millions of customers — including the fastest-growing startups, largest enterprises, and leading government agencies — trust AWS to power their infrastructure, become more agile, and lower costs. To learn more, visit aws.amazon.com.
