📌 Section 1 — Executive Summary

This lab demonstrates the design and configuration of SAML-based federation between Okta (Identity Provider) and AWS IAM Identity Center (Service Provider).

The goal was to validate:

While full JIT user creation was impacted by environment constraints, all federation components were successfully validated through configuration review and log analysis.


🏗 Section 2 — Architecture Diagram (Text-Based)


Federation Flow Overview

User → AWS Access Portal → Redirect to Okta
→ Okta Authentication
→ SAML Assertion Issued
→ AWS IAM Identity Center Validates Assertion
→ User Session Established
→ Permission Set Applied
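
An added example, not part of the original lab and not AWS or Okta code: the standard SAML 2.0 Web SSO claim checks a service provider applies at the "Validates Assertion" step, run over a constructed response. The entity IDs, ACS URL, request ID and function names are assumptions, and signature verification is left out.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response: every URL, ID and timestamp is a placeholder.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" InResponseTo="_req1">
 <saml:Assertion>
  <saml:Issuer>https://idp.example/entity</saml:Issuer>
  <saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData Recipient="https://sp.example/acs"
      InResponseTo="_req1" NotOnOrAfter="2024-01-01T00:05:00Z"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://sp.example/entity</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
 </saml:Assertion>
</samlp:Response>"""

def _ts(value):
    # SAML timestamps are UTC xs:dateTime values, e.g. 2024-01-01T00:00:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_assertion(xml_text, *, issuer, audience, acs_url, request_id, now):
    """Return the list of failed claim checks (empty means all passed).
    Signature verification is out of scope here; a real SP does it first."""
    a = ET.fromstring(xml_text).find("saml:Assertion", NS)
    if a is None:
        return ["no assertion"]
    problems = []
    if (a.findtext("saml:Issuer", "", NS) or "").strip() != issuer:
        problems.append("issuer mismatch")
    if audience not in [(e.text or "").strip() for e in a.iterfind(".//saml:Audience", NS)]:
        problems.append("audience mismatch")
    cond = a.find("saml:Conditions", NS)
    try:
        ok = _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))
    except (AttributeError, TypeError, ValueError):
        ok = False  # missing or malformed Conditions fails closed
    if not ok:
        problems.append("outside validity window")
    scd = a.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("recipient mismatch")
    if scd is None or scd.get("InResponseTo") != request_id:
        problems.append("InResponseTo mismatch")
    return problems
```

Pass `now` as a timezone-aware UTC `datetime`; each returned string names one claim that would cause the assertion to be rejected.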

Key Components: