You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Need to update the README noting there is not device posture support in AWS Federation App / web SSO token at this time. Therefore it is not possible to achieve this in the okta-aws-cli.
Background notes:
“When device state is required in the authentication policy the processing on the AWS Application will fail to either the catch-all rule or alternative rule preventing aal3+ device trust requirements.”
"We have no means of collecting device posture on the token exchange call, so rules with that condition will not be hit"
"We are planning on greater investments to web_sso_token, expanding it to other use cases"
The text was updated successfully, but these errors were encountered:
Hey @monde , is this something that will be fixed in the future? This is causing an issue for us as we need both Web and CLI access to support ODT and Phish Resistant factors.
HTTP 400 errors caused by MFA challenge on our end were due to mismatched policy between Native OIDC app and AWS Account Federation SAML app. Issues were resolved by assigning the same (OIE) Authentication Policy to OIDC intermediary authZ and SAML authN apps.
Need to update the README noting there is not device posture support in AWS Federation App / web SSO token at this time. Therefore it is not possible to achieve this in the okta-aws-cli.
Background notes:
“When device state is required in the authentication policy the processing on the AWS Application will fail to either the catch-all rule or alternative rule preventing aal3+ device trust requirements.”
"We have no means of collecting device posture on the token exchange call, so rules with that condition will not be hit"
"We are planning on greater investments to web_sso_token, expanding it to other use cases"
The text was updated successfully, but these errors were encountered: