G-Suite with AWS SSO

OPSWAT MetaDefender IT-OT Access can be integrated with an existing G-Suite and AWS SSO setup to check that a device complies with the organization's security policy before it is granted access to the AWS Console. The user is then not only authenticated by G-Suite; the device the user signs in from is also checked for risks and vulnerabilities, such as infections or an outdated operating system, BEFORE it can reach the organization's cloud services.

Before you integrate MetaDefender IT-OT Access to enforce a device posture check when a device accesses AWS through G-Suite, you need a working G-Suite and AWS SSO integration, with G-Suite configured as the identity source for AWS SSO.

After configuring SSO, test it to make sure that SSO works as expected on its own.

Once that works, integrate MetaDefender IT-OT Access with your G-Suite & AWS SSO setup by following the steps below. More detail on each step is given at 3.1.1. How to set it up?

Step 1. Enable Access Control on your MetaDefender IT-OT Access account

  1. Log into the MetaDefender IT-OT Access console
  2. Navigate to Secure Access > Protected Apps
  3. Check "Enable Secure Access".
  4. Click SAVE.
  5. Navigate to Integrations > Device Identity and enable "Enable cross-domain API integration at port xxxx".

Step 2. Add protected applications with IdP Method on MetaDefender IT-OT Access

  2.1. Log into the G-Suite admin console.
  2.2. Go to Apps > Web and mobile apps, then click on your application. For example: AWS.
  2.3. Download the G-Suite certificate: MetaDefender IT-OT Access needs the G-Suite signing certificate so that it can verify that users signing in were authenticated by your trusted G-Suite. Download the certificate as follows:
    2.3.1. Click Download Metadata on the left, then click the download button to download the certificate.
  2.4. Collect the IdP Login URL:
    2.4.1. In the Download Metadata popup, scroll down and copy the SSO URL.
  2.5. Collect the AWS SSO Sign-in URL:
    2.5.1. Log into your AWS console, go to AWS SSO > Settings, then click the Change link in the Identity source section.
    2.5.2. Click Show individual metadata values, then copy the AWS SSO Sign-in URL.
  2.6. Add the AWS application on MetaDefender IT-OT Access:
    2.6.1. Log into the MetaDefender IT-OT Access console.
    2.6.2. Navigate to Secure Access > Protected Apps.
    2.6.3. Click Add Protected Application, then choose the IDP METHOD option.
    2.6.4. Choose Add new IDP, enter a name and upload the certificate downloaded in step 2.3. Then click Continue.
    2.6.5. Enter the required fields:
      • Application: the application name, for example: aws
      • IDP: choose the IDP created in the previous step
      • IdP Login URL: the G-Suite SSO URL collected in step 2.4
      • App ACS URL: the AWS SSO Sign-in URL collected in step 2.5
      • Access Mode: pick the access mode you prefer. See details on the access modes at Step 2. Add protected applications with IdP Method
    2.6.6. Enter your PIN, then click SAVE.
  2.7. After the changes are saved successfully, a popup is shown: copy the URL MetaDefender IT-OT Access generated there and download the OPSWAT certificate. Both are needed in Steps 3 and 4.
  2.8. Configure Access Rules. Skip this step if you have already configured rules, or if you want to use the default rules.
    • Navigate to Secure Access > Rules.
    • Click "ADD NEW RULE".
    • In the new access rule, specify when a device should be blocked from or allowed to access the application:
      • Rule name: a rule name, for example Block non-compliant devices
      • Action: Block or Allow
      • Conditions under which the action applies. Details at Step 3. Configure Access Rules
    • Click ADD RULE.
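The certificate and SSO URL that Step 2 has you copy out of the G-Suite Download Metadata popup can also be pulled out of the downloaded metadata file programmatically, which avoids copy-and-paste damage to the certificate blob and lets you sanity-check the values before uploading them to MetaDefender IT-OT Access. The Python script below is an added example for this guide, not OPSWAT's or Google's code; the metadata document it parses is a constructed sample in the standard SAML 2.0 metadata layout, and its certificate blob is base64 of placeholder bytes rather than a real X.509 certificate.

```python
"""Extract the IdP signing certificate and SSO URL from a SAML 2.0 IdP
metadata document (the file behind G-Suite's "Download Metadata" button).

Added example for this guide; not OPSWAT's or Google's code. The metadata
below is a constructed sample in the standard SAML metadata layout, and
its certificate blob is base64 of placeholder bytes, not a real X.509
certificate.
"""
import base64
import textwrap
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample. Real G-Suite metadata uses the same elements; the
# idpid and the certificate here are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://accounts.google.com/o/saml2?idpid=C00example">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>
            cGxhY2Vob2xkZXItY2VydGlmaWNhdGUtYnl0ZXMtbm90LWEtcmVhbC1jZXJ0
          </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://accounts.google.com/o/saml2/idp?idpid=C00example"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://accounts.google.com/o/saml2/idp?idpid=C00example"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def to_pem(cert_b64: str) -> str:
    """Wrap a bare base64 DER certificate as PEM, 64 characters per line,
    which is the form certificate upload fields usually expect."""
    body = "\n".join(textwrap.wrap(cert_b64, 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def parse_idp_metadata(xml_text: str) -> dict:
    """Return entity_id, sso_url, cert_pem and the set of SSO bindings.

    Raises ValueError when the document is not IdP metadata, carries zero
    or several signing certificates, or advertises a non-HTTPS SSO URL:
    each of those means the wrong (or a tampered) file is about to be
    trusted as the identity provider."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not IdP metadata (SP metadata?)")

    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute is valid for both
        # signing and encryption; encryption-only keys are skipped.
        if kd.get("use") not in (None, "signing"):
            continue
        for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            certs.append("".join((c.text or "").split()))
    if len(certs) != 1:
        raise ValueError(f"expected one signing certificate, found {len(certs)}")
    base64.b64decode(certs[0], validate=True)  # reject a mangled blob early

    bindings = {}
    for svc in idp.findall("md:SingleSignOnService", NS):
        bindings[svc.get("Binding", "").rsplit(":", 1)[-1]] = svc.get("Location")
    # The IdP Login URL field is where the SP-initiated AuthnRequest is sent:
    # prefer the Redirect binding and fall back to POST (G-Suite publishes the
    # same Location for both).
    sso_url = bindings.get("HTTP-Redirect") or bindings.get("HTTP-POST")
    if not sso_url:
        raise ValueError("no HTTP-Redirect or HTTP-POST SingleSignOnService")
    if urlparse(sso_url).scheme != "https":
        raise ValueError(f"SSO URL is not HTTPS: {sso_url}")

    return {
        "entity_id": root.get("entityID"),
        "sso_url": sso_url,
        "bindings": set(bindings),
        "cert_pem": to_pem(certs[0]),
    }


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_METADATA
    info = parse_idp_metadata(text)
    print("Entity ID:    ", info["entity_id"])
    print("IdP Login URL:", info["sso_url"])
    print(info["cert_pem"], end="")
```

Run it with the path to the downloaded metadata file as its only argument; the printed IdP Login URL goes into the field of the same name in step 2.6.5 and the PEM block is what you upload as the IdP certificate. The one-signing-certificate check matters during a G-Suite certificate rotation, when the metadata may briefly list two keys: in that case decide explicitly which one MetaDefender IT-OT Access should trust rather than letting a script pick.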

Step 3. Update Application settings on G-Suite

  3.1. Log into the G-Suite admin console.
  3.2. Navigate to your application.
  3.3. In the Service provider details section, replace the ACS URL with the URL generated by MetaDefender IT-OT Access in step 2.7. G-Suite will then post its SAML response to MetaDefender IT-OT Access instead of directly to AWS SSO.
  3.4. Click Save.

Step 4. Configure SSO settings on AWS SSO

  4.1. Log into your AWS console, go to AWS SSO > Settings, then click the Change link in the Identity source section.
  4.2. Go to the Identity provider metadata section.
  4.3. Fill IdP sign-in URL with the URL generated by MetaDefender IT-OT Access in step 2.7.
  4.4. Upload the OPSWAT certificate downloaded in step 2.7 as the IdP certificate. From this point AWS SSO trusts assertions signed by MetaDefender IT-OT Access rather than by G-Suite directly, which is what forces every login through the device posture check.
  4.5. Click Next Review.

Step 5: Test your integration

Follow the guideline at Step 6: Test your integration to verify that the integration works as you expect.

DONE! CONGRATULATIONS.
