Relying Party Configuration - Cisco ISE RSA Ready SecurID Access Implementation Guide

Document created by RSA Information Design and Development Employee on Dec 3, 2018Last modified by RSA Information Design and Development Employee on Jan 2, 2019
Version 2Show Document
  • View in full screen mode

This section contains instructions on how to integrate RSA SecurID Access with Cisco ISE using Relying Party. Relying party uses SAML 2.0 to integrate RSA SecurID Access as a SAML Identity Provider (IdP) to Cisco ISE SAML Service Provider (SP).

Architecture Diagram

RSA Cloud Authentication Service

To configure a SAML Service Provider in RSA Cloud IdP, you must add a Service Provider for in the RSA SecurID Access Console. During configuration of the IdP you will need some information from the SP. This information includes (but is not limited to) Assertion Consumer Service URL and Service Provider Entity ID.


1. Logon to the RSA Cloud Administrative Console and browse to Authentication Clients > Relying Parties and click Add a Relying Party.

2. Enter Name and click Next Step.

3. Select RSA SecurID Access manages all authentication, select your Access Policy for Additional Authentication and click Next Step.

4. Configure the connection profile and click Save and Finish.

Data Input Method: Select Enter Manually.

Assertion Consumer Service URL: Enter the ACS URL from your Cisco ISE portal.

Service Provider Entity ID (Audience): Enter the SP Entity ID from your Cisco ISE Portal.

If you don’t know your ACS URL or SP Entity ID, fill in temporary place holder values so that you can continue to the next step. After completing the SAML SP configuration and apply it to an ISE portal. You will be able to download the metadata file which contains these values. When you have the file, return to this page and use the Import Metadata function to fill the correct ACS URL and SP Entity ID values automatically.

5. Open the drop-down menu for your relying party and click View or Download IdP Metadata.

6. Click Download Metadata File.

7. Click Publish Changes.


Cisco ISE

Follow the steps in this section to integrate Cisco ISE with RSA SecurID Access as a Relying Party SAML SP.


1. Login to Cisco ISE Administrative Console and browse to Administration > Identity Management > External Identity Sources > SAML Id Providers and click Add.

2. Enter an Id Provider Name and open the Identity Provider Config tab.

3. Click to Import Identity Provider Config File. Browse to the RSA SecurID Access metadata file you downloaded in the IdP configuration section of this guide. Click Save.

Note: You must configure Guest Access Portal and/or My Devices Portal as a SAML SP before you can export the metadata.


Next Step: Proceed to the Use Case Configuration Summary section for information on how to apply the Relying Party configuration to your chosen use case.