Relying Party Configuration - Keeper Password Manager 14.4 - RSA Ready SecurID Access Implementation Guide

Document created by RSA Information Design and Development on May 9, 2019
Version 1

This section describes how to integrate RSA SecurID Access with Keeper Password Manager using a relying party. The relying party integration uses SAML 2.0, with RSA SecurID Access acting as the SAML Identity Provider (IdP) for the Keeper Password Manager SAML Service Provider (SP).

Architecture Diagram

RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as a relying party SAML IdP to Keeper Password Manager.

Procedure

1. Log on to the RSA Cloud Administrative Console, browse to Authentication Clients > Relying Parties and click Add a Relying Party.

2. Enter a Name and click Next Step.

3. Configure the Authentication settings and click Next Step.

  1. Select RSA SecurID Access manages all authentication.
  2. Select your desired Primary Authentication Method.
  3. Select your desired Access Policy for Additional Authentication.

4. Set Data Input Method to Enter Manually and scroll down to the Service Provider Metadata section.

5. Configure the Service Provider Metadata settings and scroll down to the Audience for SAML Response section.

  1. Enter the Assertion Consumer Service (ACS) URL in the format below, changing <fqdn> and <port> to match your Keeper SSO Connect deployment.

      https://<fqdn>:<port>/sso-connect/saml/sso

  2. Enter the Service Provider Entity ID in the format below, changing <fqdn> and <port> to match your Keeper SSO Connect deployment.

Note:  If the values for ACS URL and SP Entity ID are not known, enter placeholder values so that you can continue with the configuration. After you have configured the SP, return to this section and input the correct values.

6. Leave the default settings and scroll down to the Message Protection section.

7. Leave the default settings and click to Show Advanced Configuration.

8. Configure the User Identity settings and scroll down to the Attribute Extension section.

  1. Set NameID Identifier Type to unspecified.
  2. Set NameID Property to the identity source attribute which holds the Keeper Security account name.

9. Configure the Attribute Extension settings and click Save and Finish.

  1. Add extension with Attribute Name Email with Attribute Source Identity Source and Property mail.
  2. Add extension with Attribute Name First with Attribute Source Identity Source and Property sn.
  3. Add extension with Attribute Name Last with Attribute Source Identity Source and Property givenName.

10. Click Publish Changes.

11. In the My Relying Party page, locate the application and click Edit > View or Download IdP Metadata. A file named IdPMetadata.xml should be downloaded.

Keeper Password Manager

Follow the steps in this section to configure Keeper Password Manager as a Relying Party SAML SP to RSA Cloud Authentication Service.

Procedure

1. Install Keeper Security SSO Connect and sign in using a Keeper Administrator account.

2. Open the Configuration tab, configure the SSO Connect Server Configuration settings and scroll down to the Identity Provider section.

3. Set the IDP Type to Default, upload the SAML Metadata file you downloaded in the previous section and click to Save.

If you left placeholder values in the RSA Cloud Administration Console, follow the remaining steps. Otherwise, configuration is complete.

4. Click to Export Metadata from Keeper SSO Connect.

5. Open the metadata file with a text editor and locate the ACS URL and SP Entity ID values.

6. Return to the RSA Cloud Administration Console and replace the placeholder values with the correct ones and publish the changes.

Configuration is complete.
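Steps 5 and 6 above can be checked with a short script. This is an added example, not part of the RSA or Keeper documentation: it reads exported SP metadata, extracts the ACS URL and SP Entity ID, checks the ACS URL against the format given earlier in this guide, and reports which console fields still hold a different value. The sample metadata (host name, port, entityID) is constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
ACS_PATH = "/sso-connect/saml/sso"  # path from the ACS URL format in this guide

# Constructed sample of exported SP metadata; host, port and entityID are made up.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="constructed-sp-entity-id">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://keeper.example.test:8443/sso-connect/saml/sso"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def read_sp_metadata(xml_text):
    """Return the SP Entity ID and default ACS URL from SAML 2.0 SP metadata."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declarations do not belong in SAML metadata")
    root = ET.fromstring(xml_text)
    sp = root.find(MD + "SPSSODescriptor")
    if root.tag != MD + "EntityDescriptor" or sp is None:
        raise ValueError("not an SP EntityDescriptor")
    endpoints = sp.findall(MD + "AssertionConsumerService")
    if not root.get("entityID") or not endpoints:
        raise ValueError("entityID or AssertionConsumerService is missing")
    # Prefer the endpoint flagged isDefault, then the lowest index.
    endpoints.sort(key=lambda e: (e.get("isDefault") not in ("true", "1"),
                                  int(e.get("index", "0"))))
    return {"entity_id": root.get("entityID"), "acs_url": endpoints[0].get("Location")}

def acs_problems(url):
    """List the ways a URL departs from https://<fqdn>:<port>/sso-connect/saml/sso."""
    parts, problems = urlsplit(url), []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    try:
        has_port = parts.port is not None
    except ValueError:  # non-numeric or out-of-range port
        has_port = False
    if not has_port:
        problems.append("no valid explicit port")
    if parts.path != ACS_PATH or parts.query or parts.fragment:
        problems.append("path is not " + ACS_PATH)
    return problems

def fields_to_update(console_values, metadata_values):
    """Names of console fields whose value differs from the exported metadata."""
    return sorted(k for k, v in metadata_values.items() if console_values.get(k) != v)
```

An empty list from `fields_to_update` means the values entered in the console already match the exported metadata and no placeholder remains.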

Return to the main page for more integration-related information.
