---
locale: "en"
updated_at: "2025-10-28T12:36:43.124Z"
canonical: "https://www.isdecisions.com/en/userlock/docs/guides/sso/configure-the-applications/amazon-aws-apps-portal"
---

# Amazon AWS Apps Portal

Set up SSO access to the AWS Apps Portal.

## Introduction

This guide explains how to integrate AWS Apps Portal with UserLock Single Sign-On (SSO) using AWS SSO as a service provider.

By configuring UserLock SSO as the Identity Provider (IdP) for AWS SSO, you can protect all SaaS applications federated within the AWS Apps Portal using UserLock [access policies](/userlock/docs/reference/core-concepts/access-policies) (MFA, time, machine, or location restrictions) on SSO sessions.

🚩 **Before starting:**

- **AWS SSO** must already be configured to authenticate through UserLock. 
See [Configure AWS for UserLock SSO](/userlock/docs/guides/sso/configure-the-applications/aws).
- UserLock SSO must already be [installed and configured](/userlock/docs/guides/sso/install-configure-sso).

> **Note**
>
> In this example, we show how to configure **Dropbox** with AWS SSO.
> Each SaaS application has its own requirements, so refer to the official documentation for detailed steps specific to the app you want to integrate.

## Step 1. Configure AWS SSO for the application

1. In **AWS SSO**, go to **Applications ▸ Add a new application**.
2. Search for **Dropbox**, select it, and click **Add application**.
3. Download the **AWS SSO certificate**.
4. In the **Assigned users** tab, add the test account that will be used for validation.

## Step 2. Configure the SaaS application (Dropbox example)

1. In another browser tab, open the **Dropbox admin console**.
2. Go to **Settings ▸ Single Sign-On**.
3. Complete the form as follows:
  | Settings | Values |
  | --- | --- |
  | Identity Provider Login URL | Enter the **AWS SSO sign-in URL** |
  | Identity Provider Logout URL (optional) | Enter the **AWS SSO sign-out URL** |
  | X.509 certificate | Upload the **AWS SSO certificate** downloaded earlier |
4. Save and test the setup.

## Step 3. Test the configuration

1. Open the **User Portal URL** (available in AWS SSO Settings).
2. Select **Dropbox** from the list of applications.
3. Confirm that authentication is performed through **UserLock SSO**.

![](https://a.storyblok.com/f/122374/1007x339/fe7c4b3a0b/aws-portal-dropbox.png)

## Next steps

You can extend the security of SSO sessions by applying UserLock access policies in addition to authentication.

- [Apply MFA on SaaS connections](/userlock/docs/guides/mfa-implementation/mfa-for-sso) to require stronger authentication.
- [Hour restrictions](/userlock/docs/reference/access-policies/time-restriction): define when users are allowed to connect.
- [Geolocation rules](/userlock/docs/reference/access-policies/geolocation): enforce access policies based on user location.
- [Session limits](/userlock/docs/reference/access-policies/session-limit): allow or deny SaaS logins entirely for specific users.
