Amazon AWS Apps Portal

Enable Single Sign-On (SSO) for AWS Apps Portal with UserLock to centralize authentication, enforce access policies, and secure access to SaaS applications managed through AWS.

Published September 9, 2025

Introduction

This guide explains how to integrate AWS Apps Portal with UserLock Single Sign-On (SSO) using AWS SSO as a service provider.

By configuring UserLock SSO as the Identity Provider (IdP) for AWS SSO, you can protect all SaaS applications federated within the AWS Apps Portal using UserLock access policies (MFA, time, machine, or location restrictions) on SSO sessions.

🚩️ Before starting:

Note

In this example, we show how to configure Dropbox with AWS SSO.
Each SaaS application has its own requirements, so refer to the official documentation for detailed steps specific to the app you want to integrate.

Step 1. Configure AWS SSO for the application

  1. In AWS SSO, go to Applications ▸ Add a new application.

  2. Search for Dropbox, select it, and click Add application.

  3. Download the AWS SSO certificate.

  4. In the Assigned users tab, add the test account that will be used for validation.
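Before the certificate downloaded in step 3 above is uploaded to the SaaS application, its fingerprint can be recorded and its expiry checked, since an expired IdP certificate can cause the application to reject sign-ins. This is an added example, not part of the UserLock or AWS documentation; it assumes the OpenSSL command-line tool is installed and that the download is a PEM file whose path is passed as the first argument.

```shell
#!/bin/sh
# Added example: inspect the AWS SSO certificate before uploading it.
# Assumptions: OpenSSL CLI available; certificate file is PEM-encoded.

# Print subject, issuer, validity window and SHA-256 fingerprint.
describe_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -dates -fingerprint -sha256
}

# Print only the SHA-256 fingerprint (colon-separated hex), e.g. to store in
# a change record and compare again after the upload or a later rotation.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Exit status 0: certificate parses and stays valid for at least $2 days
#                (default 30).
# Exit status 1: certificate expires within that window.
# Exit status 2: file is not a readable X.509 certificate.
cert_valid_for_days() {
    days=${2:-30}
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    openssl x509 -in "$1" -noout -checkend $((days * 86400)) >/dev/null
}

# Constructed sample input: a throwaway self-signed certificate valid for
# $2 days, standing in for the real download when trying the functions out.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
        -subj "/CN=constructed-sample-idp" -days "$2" -out "$1" 2>/dev/null
    rm -f "$1.key"
}

# Usage: sh check_cert.sh <path-to-downloaded-certificate.pem>
# (the script name is hypothetical)
if [ -n "${1:-}" ]; then
    describe_cert "$1"
    if cert_valid_for_days "$1" 30; then
        echo "OK: certificate is valid for at least 30 more days"
    else
        echo "WARNING: certificate is unreadable or expires within 30 days"
    fi
fi
```
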

Step 2. Configure the SaaS application (Dropbox example)

  1. In another browser tab, open the Dropbox admin console.

  2. Go to Settings ▸ Single Sign-On.

  3. Complete the form as follows:

    Settings                                   Values
    Identity Provider Login URL                Enter the AWS SSO sign-in URL
    Identity Provider Logout URL (optional)    Enter the AWS SSO sign-out URL
    X.509 certificate                          Upload the AWS SSO certificate downloaded earlier

  4. Save and test the setup.

Step 3. Test the configuration

  1. Open the User Portal URL (available in AWS SSO Settings).

  2. Select Dropbox from the list of applications.

  3. Confirm that authentication is performed through UserLock SSO.

Next steps

You can extend the security of SSO sessions by applying UserLock access policies in addition to authentication.