• JIT Access

        • Self Service Secure Passwordless Authentication

        • JIT Policies

        • Effective Access Policy Control for your entire organization

        • PAM

        • Simplified Privileged Access Management for the cloud and onPrem

        • JIT Approvals

        • Secure Custom Non Repudiation Approvals Management

        • Healthcare

        • Learn how to completely secure the Healthcare environment.

        • Legacy Devices

        • Learn how to leverage our JIT platform to secure your legacy and IOT devices.

        • Vulnerability Mitigation

        • Discover how using JIT Access and PAM can prevent a variety of CVE’s and attacks.

        • Compliance

        • Learn more about how our audit and compliance tools can help you maintain compliance.

        • Passwordless

        • Going passwordless doesn’t have to be hard. Find out how we can get you up and running fast.

        • Protecting Users with Intent

        • Upgrade your security, reduce costs and empower your users by capturing intent.

Amazon Cognito Integration

The Next Level3 AWS Cognito integration is designed to be used for your existing applications or sites that are using AWS Cognito for authentication. This integration will allow you to easily add Account Protection to any application the leverages AWS Cognito for authentication. 

pre-requisites

 

Requirements: 

– Application Authenticated via Amazon Cognito User Pools
– Next Level3 Company Account
– Signing Key created for an application in the Next Level3 Company Portal

 

Account Protection

ADDING ACCOUNT PROTECTION TO AMAZON COGNITO

The first step to add an NL3 Account Protection Check to an existing application that uses Amazon Cognito User Pools for authentication is to create a Lambda function that performs the lock check. Here is some sample Python code:

				
					import json
import os
import requests
import base64
import logging
from datetime import datetime
import jwt

def getLockStatus(token, api_uri, api_path, validationData):
  responseDict = {}
  try:
    headers_dict = {"x-nl3-authorization-token": token, "Content-Type": "application/json"}
    data_dict = {
      "userIP": validationData["ip"],
      "userDevice": validationData["device"],
      "userLocation": validationData["location"],
      "integrationType": "cognito",
      "integrationData": json.loads(validationData["additionalData"])
    }
    response = requests.post("".join([api_uri,api_path]), headers=headers_dict, json=data_dict)
    responseDict = response.json()
  except Exception as e:
    responseDict = { "message": str(e) }

  return responseDict

def lambda_handler(event, context):
  if event["callerContext"]["clientId"] == os.environ["CLIENT_ID"]:
    username = event["userName"]
    claims = {
      "iss": os.environ["APP_URI"],
      "iat": (datetime.utcnow().timestamp() + (-1 * 60)),
      "exp": (datetime.utcnow().timestamp() + (5 * 60)),
      "aud": os.environ["API_URI"],
      "sub": username
    }
    ### Ildeally the Signing Key would be stored and retrieved from a secrets manager
    ### and not an environmental variable
    decodedDomainToken = base64.b64decode(os.environ["SIGNING_KEY"])
    token = jwt.encode(
      payload=claims,
      key=decodedDomainToken
    )
    response = getLockStatus(token, os.environ["API_URI"], os.environ["API_PATH"], event["request"]["validationData"])
    if response.get("locked", False):
      raise Exception(os.environ["LOCKED_MESSAGE"])

    # Return to Amazon Cognito
    return event

The next step is to configure the Amazon Cognito User Pool to call this Lambda function as a “Pre authentication” trigger by clicking on the User Pool and then selecting “Triggers” under “General Settings” in the side menu. Then, you will select the function you created in the drop-down box under “Pre authenticaiton” as follows:

Quick Links
Get In Touch

Patents and Patent Pending - © 2022 All Rights Reserved.

Privacy Preference Center

Consent Management

https:/privacy/

Required
This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You. We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy. We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service.

Necessary

These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services. These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.

Cookies Used

Required
Session Cookies, Persistent Cookies, Flash Cookies

nextlevel3.com

Opt Out
nextlevel3.com

Advertising

Analytics

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service.

Cookies Used

google-analytics.com

google-analytics.com

Opt Out
Web Beacons

Other

Scroll to Top