Add Integrated Windows Authentication as an Identity Provider

Document created by RSA Information Design and Development on Jul 13, 2016. Last modified by RSA Information Design and Development on Sep 15, 2017. Version 18.
  

As part of the process to enable Integrated Windows Authentication (IWA), you must add IWA as an identity provider (IdP) for RSA SecurID Access using the Cloud Administration Console.

 

Before you begin 

 
  • You must be a Super Admin in the Cloud Administration Console.
  • At least one identity router must be deployed and configured.
  • At least one identity source must be connected to the identity router.
  • Install the Integrated Windows Authentication Connector
  • You must have access to the certificate (.pem) file that matches the personal information exchange (.pfx) file you specified when installing the RSA SecurID Access IWA Connector.
  • Work with your network administrator to determine the range of IP addresses that will authenticate using IWA.

Procedure 

 
  1. In the Cloud Administration Console, click Users > Identity Providers.
  2. Click Add an Identity Provider.
  3. Click Add to add the Integrated Windows Authentication provider type.
  4. In the Name field, enter a new name for the IdP, or leave the default name.
    This name appears as a tooltip when users hover their mouse over the icon for this IdP on the application portal sign-in page. Choose a user-friendly name, and inform users that they can click the icon to authenticate using this IdP.
  5. (Optional) In the Description field, enter a description for the IdP.
  6. Click Next Step.
  7. In the Audience ID field, leave the default value or enter a different Audience ID for the IdP. The Audience ID must be an alphanumeric string with no special characters.
    This value must match the Audience ID you specified when installing the RSA SecurID Access IWA Connector.
  8. In the Audience URL field, enter an Audience URL for the IdP.
    This value must match the Audience URL you specified when installing the RSA SecurID Access IWA Connector.
    Use the format https://<identity_router_URL>/SPServlet?sp_id=<uniqueID>
    where:
    • <identity_router_URL> is either the URL of the identity router, or the virtual hostname of the load balancer for a cluster of identity routers.
    • <uniqueID> is a unique identifier for the IWA IdP, for example, RSASecurIDAccessIWA.
  9. In the Issuer ID field, enter an Issuer ID for the IdP. The Issuer ID must be an alphanumeric string with no special characters.
    This value must match the Issuer ID you specified when installing the RSA SecurID Access IWA Connector.
  10. In the Issuer URL field, replace <IWA_SERVERNAME> with the network hostname of the RSA SecurID Access IWA Connector server.
    For example, if the default value is https://<IWA_SERVERNAME>/RSASecurIDIWAConnector/, change the value to https://sampleiwa.example.com/RSASecurIDIWAConnector/.
  11. Leave the Passive Sign-in checkbox unchecked.
  12. Select the Transform NameID to Lowercase checkbox.
  13. In the Certificate section, click Select File, then browse to and select the .pem certificate.
  14. Click Next Step.
  15. In the Policy Combination field, leave the default value Deny Overrides.
  16. Specify the IP address ranges that will authenticate using this IWA IdP.
    a. From the Attribute drop-down list, select IpAddress.
    b. From the Operation drop-down list, select In Range.
    c. In the Value field, enter an IP address range.
    d. From the Effect drop-down list, select Allow Access.
    e. (Optional) Click ADD, and repeat steps a through d to specify additional IP ranges.
  17. Click Next Step.
  18. In the IdP Icon section, leave the default icon, or click Change Icon to upload a new icon to represent the IWA IdP on the application portal sign-on page.
  19. Click Save and Finish.
  20. Click Publish Changes to apply the configured settings.
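
A pre-flight check for the values entered in steps 7 through 10, as an added example that is not part of the RSA documentation or product: it applies the format rules stated above and compares the console values against the ones given to the IWA Connector installer. The function name, dictionary keys, and sample values are hypothetical and constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ALNUM = re.compile(r"[A-Za-z0-9]+")  # "alphanumeric string with no special characters"
MUST_MATCH = ("audience_id", "audience_url", "issuer_id")  # steps 7, 8 and 9

def check_idp_settings(console, connector):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    for field in ("audience_id", "issuer_id"):
        if not ALNUM.fullmatch(console.get(field, "")):
            problems.append(f"{field}: not a plain alphanumeric string")
    # Step 8 format: https://<identity_router_URL>/SPServlet?sp_id=<uniqueID>
    aud = urlsplit(console.get("audience_url", ""))
    sp_ids = parse_qs(aud.query).get("sp_id", [])
    if (aud.scheme != "https" or not aud.hostname
            or aud.path != "/SPServlet" or len(sp_ids) != 1):
        problems.append("audience_url: not https://<identity_router_URL>/SPServlet?sp_id=<uniqueID>")
    # Step 10: the default Issuer URL ships with a placeholder host name.
    issuer_url = console.get("issuer_url", "")
    if "<IWA_SERVERNAME>" in issuer_url:
        problems.append("issuer_url: <IWA_SERVERNAME> placeholder not replaced")
    else:
        iss = urlsplit(issuer_url)
        if iss.scheme != "https" or not iss.hostname:
            problems.append("issuer_url: not an https URL with a host name")
    # Assumption: exact, case-sensitive comparison (strictest reading of "must match").
    for field in MUST_MATCH:
        if console.get(field) != connector.get(field):
            problems.append(f"{field}: differs from the value given to the IWA Connector installer")
    return problems

# Constructed sample values (not taken from a real deployment).
CONNECTOR = {
    "audience_id": "RSASecurIDAccessIWA",
    "audience_url": "https://idr.example.com/SPServlet?sp_id=RSASecurIDAccessIWA",
    "issuer_id": "SampleIWAIssuer",
}
GOOD = dict(CONNECTOR, issuer_url="https://sampleiwa.example.com/RSASecurIDIWAConnector/")
BAD = {
    "audience_id": "RSA-IWA",  # hyphen is a special character
    "audience_url": "http://idr.example.com/SPServlet?sp_id=RSASecurIDAccessIWA",
    "issuer_id": "SampleIWAIssuer",
    "issuer_url": "https://<IWA_SERVERNAME>/RSASecurIDIWAConnector/",
}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_idp_settings(cfg, CONNECTOR) or "ok")
```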

 

 
