SSO Agent - SAML Configuration - Keeper Password Manager 14.4 - RSA Ready SecurID Access Implementation Guide

Document created by RSA Information Design and Development on May 9, 2019
Version 1

This section contains instructions on how to integrate RSA SecurID Access with Keeper Password Manager using a SAML SSO Agent.

Architecture Diagram

RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as an SSO Agent SAML IdP to Keeper Password Manager.

Procedure

1. Log on to the RSA Cloud Administration Console and browse to Applications > Application Catalog, search for Keeper and click +Add to add the connector.

2. Enter a Name and click Next Step.

3. Leave the default Initiate SAML Workflow settings and scroll down to the SAML Identity Provider (Issuer) section.

4. Configure the SAML Identity Provider settings and scroll down to the Service Provider section.

  1. Leave the default Identity Provider URL and Issuer Entity ID.
  2. Upload the SAML Response Signature Private Key and Certificate. Use the files from the Generate Cert Bundle tool or your own.

5. Configure the Service Provider settings and scroll down to the User Identity section.

  1. Enter the Assertion Consumer Service (ACS) URL in the format below, changing <fqdn> and <port> to match your Keeper SSO Connect deployment.

      https://<fqdn>:<port>/sso-connect/saml/sso

  2. Enter the Service Provider Entity ID in the format below, changing <fqdn> and <port> to match your Keeper SSO Connect deployment.

Note:  If the values for ACS URL and SP Entity ID are not known, enter placeholder values so that you can continue with the configuration. After you have configured the SP, return to this section and input the correct values.

6. Configure the User Identity settings and click to Show Advanced Configuration.

  1. Identifier Type: Set to unspecified.
  2. Identity Source: Choose your identity source.
  3. Property: Set to the identity source attribute which contains the Keeper Security userid.

 

7. Configure Attribute Extensions and click Next Step.

  1. Add extension with Attribute Name Email with your Identity Source and Property mail.
  2. Add extension with Attribute Name First with your Identity Source and Property givenName.
  3. Add extension with Attribute Name Last with your Identity Source and Property sn.

8. Configure Access Policy settings and click Next Step.

9. Configure Portal Display settings and click Save and Finish.

10. Click Publish Settings.

11. Click Applications > My Applications, locate the Keeper application, and click to Export Metadata.

 

Keeper Password Manager

Perform these steps to configure Keeper Password Manager as an SSO Agent SAML SP to RSA Cloud Authentication Service.

Procedure

1. Install Keeper Security SSO Connect and sign in using a Keeper Administrator account.

2. Open the Configuration tab, configure the SSO Connect Server Configuration settings and scroll down to the Identity Provider section.

3. Set the IDP Type to Default, upload the SAML Metadata file you downloaded in the previous section and click to Save.

If you left placeholder values in the RSA Cloud Administration Console, follow the remaining steps. Otherwise, configuration is complete.

4. Click to Export Metadata from Keeper SSO Connect.

5. Open the metadata file with a text editor and locate the ACS URL and SP Entity ID values.

6. Return to the RSA Cloud Administration Console and replace the placeholder values with the correct ones and publish the changes.

Configuration is complete.
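
For steps 5 and 6, the two values can be read out of the exported metadata with a short script and the ACS URL compared against the format given in this guide before it is pasted into the console. This is an added example, not part of the RSA or Keeper documentation; the sample metadata, host name, port and entityID are constructed placeholders, and the function names are illustrative.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
ACS_PATH = "/sso-connect/saml/sso"  # path from the ACS URL format in this guide

# Constructed sample metadata: host, port and entityID are placeholders.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="urn:example:constructed-sp-entity-id">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://keeper.example.test:8443/sso-connect/saml/sso"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def read_sp_metadata(xml_text):
    """Return (entity_id, [ACS URLs]) from exported SP metadata."""
    # SAML metadata needs no DTD; refuse one rather than let entities expand.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration in metadata")
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        raise ValueError("root element is not EntityDescriptor")
    sp = root.find(MD + "SPSSODescriptor")
    if sp is None:
        raise ValueError("no SPSSODescriptor, so this is not SP metadata")
    acs = [e.get("Location") for e in sp.findall(MD + "AssertionConsumerService")]
    return root.get("entityID"), acs

def check_acs(url):
    """List ways an ACS URL departs from the format given in this guide."""
    u, problems = urlsplit(url), []
    if u.scheme != "https":
        problems.append("scheme is not https")
    if not u.hostname:
        problems.append("missing host")
    if u.path != ACS_PATH:
        problems.append("path is not " + ACS_PATH)
    if u.query or u.fragment:
        problems.append("unexpected query or fragment")
    return problems

if __name__ == "__main__":
    entity_id, acs_urls = read_sp_metadata(SAMPLE)
    print("SP Entity ID:", entity_id)
    for url in acs_urls:
        print("ACS URL:", url, check_acs(url) or "OK")
```

An empty problem list means the ACS URL matches the documented format; a leftover placeholder value shows up as a scheme, host or path mismatch.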

Return to the main page for more integration related information.

 
