Facebook Workplace - Relying Party Configuration - RSA Ready SecurID Access Implementation Guide

Document created by RSA Information Design and Development Employee on Jul 28, 2020
Version 1Show Document
  • View in full screen mode

This section describes how to integrate RSA SecurID Access with Facebook Workplace using relying party. Relying party uses SAML 2.0 to integrate RSA SecurID Access as a SAML Identity Provider (IdP) to Facebook Workplace SAML Service Provider (SP).

Architecture Diagram

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as a relying party SAML IdP to Facebook Workplace .

Procedure

  1. Sign into the RSA Cloud Administration Console and browse to Authentication Clients > Relying Parties and click Add a Relying Party.

  2. From the Relying Party Catalog, select the +Add button for Service Provider SAML.

  3. Enter a Name in the Basic Information section and click Next Step.

  4. Configure the Authentication settings and click Next Step.

    1. Select RSA SecurID Access Manages all authentication from the Authentication Details drop-down menu.

    2. Select the primary authentication method.

    3. Select the access policy for additional authentication.

  5. Select Enter Manually Data Input Method and scroll down to the Service Provider Metadata section.

  6. Configure the Service Provider Metadata settings and scroll down to the Message Protection section.

    Assertion Consumer Service (ACS) URL and the Service Provider Entity ID can be obtained from Step 3 of Facebook Workplace configuration.

    1. Enter the following text into the Assertion Consumer Service (ACS) URL field.

      https://<TENANT-NAME>.workplace.com/work/saml.php

    2. Enter the following text into the Service Provider Entity ID field.

      https://www.workplace.com/company/<ID>

  7. Click Download Certificate to download IdP SAML response signing certificate and click Show Advanced options.

  8. Configure the User Identity settings and scroll down to the Attribute Extension section.

    1. Select Email Address from the NameID Identifier Type drop-down menu.

    2. Select mail from the NameID Property drop-down menu.

  9. Configure the Attribute Extension settings and click Save and Finish.

  10. On the My Relying Parties page, click on the drop down icon beside the Edit button of the relying party configured above and click View or Download IdP Metadata.

  11. On the View or Download Identity Provider Metadata page, click on Download Metadata File. The file is downloaded with the name IdPMetadata.xml. Once the file is downloaded, click the Cancel button to return to My Relying Parties page.

Configure Facebook Workplace

Perform these steps to configure Facebook Workplace as a Relying Party SAML SP to RSA Cloud Authentication Service.

Procedure

  1. Log on to Facebook Workplace and click Admin Panel > Security > Authentication.

  2. In Login section, check Single sign-on (SSO) and select SSO in Default for new users dropdown

  3. Configure SSO Providers by adding values from your Identity Provider into the corresponding fields.

    These parameters can be obtained from Step-11 of RSA SecurID Cloud Authentication Service configuration.

    1. Name of the SSO Provider - Add a suitable name of RSA SecurID Cloud Authentication Service.
    2. SAML URL - Input Entity ID of RSA Cloud Authentication Service Instance.
    3. SAML Issuer URL - Input Entity ID of RSA Cloud Authentication Service Instance.
    4. SAML Certificate - Input X509Certificate value of RSA Cloud Authentication Service Instance.

  4. Click Save Changes.

Configuration is complete.

Return to the main page for more certification related information.

 
You are here
Facebook Workplace - Relying Party Configuration - RSA Ready SecurID Access Implementation Guide

Attachments

    Outcomes