
Still being prompted for IDP and role even after specifying in profile section of okta.yaml #287

@jdispiritoae

Hi,
I have multiple Okta AWS configurations, but I'm trying to configure a profile to use a specific one, and a specific role.
I'm using version 2.5.0, and I have the following config in my ~/.okta/okta.yaml file:


    awscli:
      profiles:
        developer:
          oidc-client-id: "0123456789abcdef"
          org-domain: "mydomain.okta.com"
          aws-iam-idp: "arn:aws:iam::0123456789012:saml-provider/MyProvider"
          aws-iam-role: "arn:aws:iam::0123456789012:role/Developer"
          write-credentials: true
          open-browser: true

When I run okta-aws-cli --profile developer, it opens the browser, and I activate my device, next it proceeds to show me all of my Idps, and then when I select an IDP, it prompts me for all of the roles I have access to instead of using the one I have listed in here.

okta-aws-cli debug tells me the file is fine. It does warn me about missing an idps section, but in the example documentation for this use case, there isn't an IDP section listed.

I've also tried passing all of these values on the command line with the same effect.

I'm under the impression that it should just give me the credentials I need without prompting for an IDP or a role.

I believe I'm doing everything correctly.
Any help provided would be greatly appreciated.
Thank you!
