Support when Device State not set to Any #239

Open
happyyi008 opened this issue Sep 16, 2024 · 3 comments
Labels: related (relates to another issues)

Comments

happyyi008 commented Sep 16, 2024

We have been using this tool; however, recent security policy changes require our Device State to be set to Managed, which has stopped this tool from working. We're wondering if there are plans to support this or provide guidance on how we could get this working ourselves.

pmgalea commented Oct 4, 2024

I would like to add my weight on to this. okta-aws-cli means you basically cannot use Device Trust to restrict the AWS SAML Federated application if you use the okta-aws-cli. I think the OKTA team have to go back to the drawing board on this device authentication flow implementation.

Authorization Code flow which pops open the browser could have worked in most Windows or Mac cases to let the core okta piece challenge for the Fastpass details calling 127.0.01/ methods on the OKTA verify app. Not sure why okta-aws-cli couldn't also do this on the respective platforms where OKTA Verify for Desktop is supported?

In addition it feels like if linking the AWS Console access trust level to the AWS CLI access trust level if the CLI at this time cannot support device trust then at least ensure that developers can access the AWS CLI and restrict the AWS Console to registered managed devices or if this could be in some way feature flagged.

At the moment the KB article pretty much says "turn off Device Trust" in a long-winded way....

https://support.okta.com/help/s/article/okta-aws-cli-failing-with-error-the-application-s-assurance-requirements-are-not-met-by-the-subject-token?language=en_US

ctennis (Contributor) commented Oct 9, 2024

Yeah, extremely disappointing that Okta continues to put out half-baked solutions here with intent to "fix" problems like this but years later still no fix. The "solution" is to relax the security restrictions on an app which needs tight security restrictions.

monde (Collaborator) commented Jan 7, 2025

Related #65

monde added the related label Jan 7, 2025