Please help on Okta MFA #118
Comments
|
Have you tried disabling MFA and logging in? Just to ensure your basic configuration is working. |
|
Oh yea basic works just fine with multiple AWS accounts, using |
|
Any chance this is related to #84 ? |
|
Seems like when MFA on Okta is setup on okta org or group level, this works. But not, when MFA is setup at the AWS app level. |
|
See this as well. Nextdoor/nd_okta_auth#2 |
|
Is this still an issue? How do we enable MFA with CLI? |
|
OK I need to fire up my okta developer account and take a look at the output of --debug. I didn't even know you could do per app configuration of MFA. |
|
@pwmcintyre How are you configuring this at the moment? |
|
I'm experiencing this same issue with 2.5.0 on macOS; my organization has Okta configured for MFA on a per-application basis (i.e., MFA is enabled for AWS, but not all apps in the tenant). (Based on my understanding of the underlying issue, neither the version of I have cycles to prepare a patch for this functionality, but I think I'll need a little guidance to do so effectively. Can someone help me sort out how to diagnose what Okta does differently in the per-application case vs. in the tenant-wide case? |
|
... looks like I have to rescind my offer here; I was mistaken about having cycles for this. My organization is switching to org-wide MFA tomorrow, so there's no justification for investing dev effort in support of app-level MFA. Apologies for the offer-then-retraction. |
|
Hello, We are looking for a solution to use MFA at the application level. Any updates on this issue? Or any indications on how can this be solved? |
|
I confirm, app level MFA enforcement accounts are failing while it works for Org level exactly as @kevbook mentioned. can we expect a solution sometime sooner? Thanks |
|
The same issue persist for me too. Expecting for a solution sooner or later. Thank you |
|
I had a look at this, and it seems there is no way to handle this mfa setup without running a browser capable of running javascript. |
|
Can anyone on this thread confirm that they saw the app-level MFA issue with Duo specifically? I see that the code for Duo is fairly different from the other cases. Would save me the time of setting up an evaluation Duo account to find out what I already suspect... |
|
Good news for anyone using Duo MFA with Okta: saml2aws works with application-level MFA for Duo 🎉 |
|
I think this should fix Okta with TOTP MFA: #369 |
|
repeating myself from PR for visibility:
|
Sorry, I never ask these questions on repo issues. [
v2.0.3on mac 10.13.2]Config for multi-account done exactly as here http://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Amazon-Web-Service.html
saml2aws login --verboseorsaml2aws login --verbose --mfa="totp"The text was updated successfully, but these errors were encountered: