Goal

After following this tutorial, you will have set up UserSync together with our AWS app. UserSync will create or update the user during login with the data from your Identity Provider.

If you need a Just-In-Time setup (create/update users with the claims sent by the load balancer), please see here.


Prerequisites


Step-By-Step Guide



After setting up a UserSync connector, please follow these steps:


  1. Go to the AWS ALB & Amazon Cognito Authentication configuration and scroll down to the User Provisioning section. Tick Update with UserSync to show the UserSync settings.



  2. Click the Which UserSync connector do you want to use?. Dropdown and choose the connector you have configured before (Okta for this example).

    If you haven't configured the connector yet, make sure to follow the corresponding guide:

    Azure AD

    Google Cloud Identity

    Keycloak

    Okta

    OneLogin

  3. Now, we must configure the UserSync lookup attribute. This is how UserSync searches remotely for the user. The value depends on the identity provider.
    Please see the table below for the respective value:


    AzureOktaGoogle Cloud IdentityAWS CognitoKeycloak
    Attribute name to be usedoid or upn (preferably oid)emailemailemailemail


    Click Edit to continue

  4. If you need to adjust the value, click Edit and replace the standard configuration with the name from the table above.


  5. Save your configuration



When logging in, your user should now be updated or created by the UserSync connector.