This section describes how to integrate RSA SecurID Access with Facebook Workplace using a SAML SSO Agent.
Configure RSA Cloud Authentication Service
Perform these steps to configure RSA Cloud Authentication Service as an SSO Agent SAML IdP to Facebook Workplace.
Sign in to the RSA Cloud Administration Console, browse to Applications > Application Catalog, search for Britive, and click +Add to add the connector.
In the Initiate SAML Workflow section, in the Connection URL field, enter the Initiate SSO URL obtained from Step 3(c) of Workplace configuration.
Scroll down to the SAML Identity Provider (Issuer) section and perform the following steps:
- Click Generate Cert Bundle to generate and download a zip file containing the private key and certificate. Unzip the downloaded file to extract the certificate and private key.
- Select the first Choose File and upload the RSA SecurID Access private key.
- Select the second Choose File and upload the RSA SecurID Access public certificate.
In the Service Provider section, do the following:
- In the Assertion Consumer Service (ACS) URL field, enter the Assertion Consumer URL obtained from Step 3 of Facebook Workplace configuration.
- In the Audience (Service Provider Entity ID) field, enter the Audience/Entity ID value obtained from Step 3 of Facebook Workplace configuration.
In the User Identity section, select Email Address from the Identifier Type drop-down list, select the name of your user identity source and select the property value as mail. Click Show Advanced Configuration.
Under the Attribute Extension section, do the following:
- Attribute Source: Select Identity Source from the drop-down list
- Attribute Name: Type email
- Identity Source: Select the appropriate identity source from the drop-down list
- Property: Select mail from the drop-down list
Scroll to the bottom of the page and click Next Step.
On the User Access page, select the access policy the identity router will use to determine which users can access the Britive service provider. Click Next Step.
On the Portal Display page, configure the portal display and other settings. Click Save and Finish.
On the My Applications page, click the drop-down icon beside the Edit button of the application configured above and click Export Metadata. The file is downloaded with the name <ApplicationName>-idp-metadata.xml, where <ApplicationName> is the name given in Step 2 above. Open this file in an editor to get the parameters needed in Step 3 of Facebook Workplace configuration.
Click Publish Changes in the top left corner of the page, and wait for the operation to complete.
Configure Facebook Workplace
Perform these steps to configure Facebook Workplace as an SSO Agent SAML SP to RSA Cloud Authentication Service.
Log on to Facebook Workplace and click Admin Panel > Security > Authentication.
In the Login section, check Single sign-on (SSO) and select SSO in the Default for new users drop-down list.
These parameters can be obtained from Step 11 of RSA SecurID Cloud Authentication Service configuration.
- Name of the SSO Provider - Enter a suitable name for RSA SecurID Cloud Authentication Service.
- SAML URL - Enter the Entity ID of the RSA Cloud Authentication Service instance.
- SAML Issuer URL - Enter the Entity ID of the RSA Cloud Authentication Service instance.
- SAML Certificate - Enter the X509Certificate value of the RSA Cloud Authentication Service instance.
- Click Save Changes.
Configuration is complete.