AWS WorkMail has launched a new integration with AWS Identity and Access Management (IAM) Identity Center, enabling single sign-on capabilities through compatible third-party external identity providers, including Okta Universal Directory. The integration uses IAM Identity Center’s security features while providing the familiar single sign-on experience through Okta, building upon AWS’s previous SSO enhancements that added support for security keys and WebAuthn.
The new functionality supports integration with multiple third-party identity providers beyond Okta, including Microsoft Entra ID, Google Workspace, JumpCloud, OneLogin, Ping Identity products, and Active Directory. The broad compatibility allows organizations to maintain their existing identity management infrastructure while adding WorkMail integration, reflecting the growing trend toward consolidated identity and access management solutions in enterprise environments.
For implementation, administrators must first configure the connection between Okta and IAM Identity Center through the Okta Admin Dashboard. The process involves adding the AWS IAM Identity Center application from Okta’s app catalog and configuring the necessary SAML information, including downloading and implementing security certificates. The SAML-based approach matches industry standards for secure authentication and follows established enterprise identity management practices.
WorkMail’s default authentication mode should be configured to support both WorkMail directory and Identity Center access. The dual-mode configuration allows users to maintain direct login capabilities to the WorkMail client while enabling SSO for web-app access. For mobile and desktop access, users can use Personal Access Tokens (PATs), which are obtainable after logging into the WorkMail web client, providing a secure method for application-specific authentication.
After configuration, administrators should spot-test the login flow to confirm it works as intended. When properly configured, users who authenticate through Okta will be redirected to the AWS access portal, where they can access WorkMail along with other integrated AWS applications through dedicated tiles. The streamlined access approach reflects Gartner’s prediction of increased adoption of app-based IAM solutions in workplace environments.
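As an added illustration of the dual-mode setting and the PAT option described above (this is example code, not AWS’s own; the response field names, the boto3 method name and the 90-day threshold are assumptions to verify against the current WorkMail API reference), an offline-testable audit of an organization’s identity-provider configuration:

```python
"""Audit a WorkMail organization's identity-provider configuration.

Added example, not AWS code. The response field names below and the boto3
method describe_identity_provider_configuration are assumptions; verify
them against the current WorkMail API reference before relying on this.
"""

MAX_PAT_LIFETIME_DAYS = 90  # assumed policy threshold; set to your own


def audit_idp_config(cfg: dict) -> list[str]:
    """Return findings for one organization's identity-provider config."""
    findings = []
    mode = cfg.get("AuthenticationMode")
    idc = cfg.get("IdentityCenterConfiguration") or {}
    pat = cfg.get("PersonalAccessTokenConfiguration") or {}

    if not idc.get("InstanceArn") or not idc.get("ApplicationArn"):
        findings.append("No IAM Identity Center application linked; SSO is not active")
    if mode == "IDENTITY_PROVIDER_AND_DIRECTORY":
        # Dual mode keeps WorkMail directory passwords valid next to SSO, so
        # Okta-side MFA and conditional-access policies do not cover that path.
        findings.append("Dual mode: directory password login bypasses the IdP; "
                        "confirm MFA and password policy on the WorkMail directory")
    elif mode != "IDENTITY_PROVIDER_ONLY":
        findings.append(f"Unexpected authentication mode: {mode!r}")
    if pat.get("Status") == "ENABLED":
        lifetime = pat.get("LifetimeInDays")
        if lifetime is None or lifetime > MAX_PAT_LIFETIME_DAYS:
            findings.append(f"PATs enabled with lifetime {lifetime} days "
                            f"(limit {MAX_PAT_LIFETIME_DAYS}); shorten and inventory tokens")
    return findings


def audit_organization(organization_id: str, region: str = "us-east-1") -> list[str]:
    # boto3 is imported lazily so audit_idp_config stays runnable offline.
    import boto3  # assumed installed, with credentials allowed to read WorkMail
    client = boto3.client("workmail", region_name=region)
    cfg = client.describe_identity_provider_configuration(OrganizationId=organization_id)
    return audit_idp_config(cfg)


# Constructed sample response for an offline run; ARNs are placeholders.
SAMPLE_DUAL_MODE = {
    "AuthenticationMode": "IDENTITY_PROVIDER_AND_DIRECTORY",
    "IdentityCenterConfiguration": {"InstanceArn": "arn:aws:sso:::instance/ssoins-PLACEHOLDER",
                                    "ApplicationArn": "arn:aws:sso::123456789012:application/PLACEHOLDER"},
    "PersonalAccessTokenConfiguration": {"Status": "ENABLED", "LifetimeInDays": 365},
}
```

Run `audit_idp_config(SAMPLE_DUAL_MODE)` to see the two findings the sample produces, or `audit_organization("m-...")` against a live organization.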
The integration represents a significant enhancement to AWS WorkMail’s authentication capabilities, providing organizations with additional options for managing user access while maintaining security standards. The solution combines the robust security features of IAM Identity Center with the widespread adoption and familiarity of Okta’s authentication services, addressing the growing enterprise demand for unified identity management solutions that balance security with user convenience.
Sources: AWS Blog, Security Affairs