Can't authenticate if App-level MFA is turned on about aws-okta HOT 8 CLOSED

I proposed a solution in #83. If anybody wants to try it out before it's merged, then I've released a macOS binary that supports app-level MFA if you follow these instructions.

from aws-okta.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

from aws-okta.

We are just starting to trial Okta with AWS and hit this issue today too. We use Okta for a bunch of apps and don't want to enable MFA globally, rather on a per-app basis.

I have tested that aws-okta works if we enforce MFA globally for all apps and it works nicely with Google Authenticator, Okta Verify etc.

However, if we enforce MFA only on the AWS Application itself, aws-okta fails with the same error as @ostankin describes.

from aws-okta.

Sad to see this one die on the vine. We were going to switch all our AWS access from local IAM access and assuming roles with MFA to this. The lack of support for application MFA has blocked us.

from aws-okta.

Sad to see this one die on the vine. We were going to switch all our AWS access from local IAM access and assuming roles with MFA to this. The lack of support for application MFA has blocked us.

#83 was pretty close to being accepted and merged. If you wanna take some time to spruce it up, we can get it in. Also, I'd love to have a non-Segment volunteer to maintain it, since we wouldn't be using it ourselves, and it's a substantial chunk of code.

from aws-okta.

Fair enough. The python solution from https://github.com/Nike-Inc/gimme-aws-creds works with app-level MFA and SAML, so it'd be worth seeing if there could a solution there. Switching away from SAML isn't something we can take on right now.

from aws-okta.

Any chance for supporting app level MFA. This feature will certainly be very useful.

from aws-okta.

@ramamoob #63 (comment)

from aws-okta.