managing-cloud-identity-with-okta

# Managing Cloud Identity with Okta ## When to Use - When centralizing authentication across AWS, Azure, and GCP console access through a single identity provider - When implementing phishing-resistant MFA to replace SMS or TOTP-based authentication - When automating user provisioning and deprovisioning across cloud platforms and SaaS applications - When enforcing adaptive access policies based on device compliance, user risk, and network context - When auditing identity-related security controls for SOC 2 or zero trust compliance **Do not use** for cloud-native identity management without external IdP requirements (use AWS IAM Identity Center or Azure AD natively), for application-level authorization logic, or for secrets management (see implementing-secrets-management-with-vault). ## Prerequisites - Okta organization with admin console access and appropriate license tier (Workforce Identity) - AWS, Azure, and GCP accounts configured for SAML or OIDC federation - Okta Universal Directory populated with user identities synced from HR system or Active Directory - Device management platform (Intune, Jamf) for device trust integration ## Workflow ### Step 1: Configure SSO Integration with Cloud Providers Set up SAML 2.0 or OIDC federation between Okta and each cloud provider console for centralized authentication. ``` Okta AWS SSO Integration (SAML 2.0): 1. In Okta Admin Console: Applications > Add Application > AWS Account Federation 2. Configure SAML settings: - Si...