AWS IAM Identity Center - SAML My Page SSO Configuration - RSA Ready Implementation Guide
This article describes how to integrate AWS IAM Identity Center with RSA Cloud Access Service (CAS) using My Page SSO.
Configure CAS
Perform these steps to configure CAS using My Page SSO.
Procedure
- Sign in to the RSA Cloud Administration Console with administrator credentials.
- On the Access > My Page, enable Applications. Ensure it is enabled and protected by two-factor authentication using a Password and an access policy.
- On the Applications > Application Catalog page, click Create From Template.
- On the Choose Connector Template page, click Select for SAML Direct.
- On the Basic Information page, enter a name for the configuration in the Name field and click Next Step.
- In the Connection Profile page, under Initiate SAML Workflow, choose IdP-initiated.
- To provide Service Provider details, select Import Metadata, click Choose File, and select the file downloaded from the Service Provider.
- In the SAML Response Protection section, choose IdP signs assertion within response, and download the certificate by clicking Download Certificate.
- Scroll down to the User Identity section and select the following values:
- Identifier Type: Auto Detect
- Property: Auto Detect
- Under the Statement Attributes section, add the following attributes.
- Attribute 1:
- Attribute Name: https://aws.amazon.com/SAML/Attributes/RoleSessionName
- Attribute Source: Identity Source
- Property: mail
- Attribute 2:
- Attribute Name: https://aws.amazon.com/SAML/Attributes/Role
- Attribute Source: Constant
- Property: AWS role ARN value, AWS IAM instance session ARN value
- Attribute 1:
Note: See the Configure AWS IAM Identity Center section to obtain the AWS role ARN and the AWS IAM instance session ARN values.
- Click Next Step.
- On the User Access page, select the access policy that will be used to determine which users can access the application.
- Click Next Step.
- On the Portal Display page, configure the portal display and other settings.
- Click Next Step.
- On the Fulfillment page, configure your preferred settings or leave the Fulfillment toggle button disabled as it is, then click Save and Finish.
- Click Publish Changes and wait for the operation to be completed.
After publishing, your application is enabled for SSO. - Navigate to the newly created application on the Applications page and from the Edit drop-down list, choose Export Metadata.
This metadata will be used in the AWS IAM Identity Center configuration.
Configure AWS IAM Identity Center
Perform these steps to configure CAS using My Page SSO.
Procedure
- Access the AWS Management Console by logging in to your AWS account with admin credentials.
- Under Services, go to Security, Identity, & Compliance, and select IAM Identity Center.
- In the right pane, click Go to settings.
- On the Identity Source tab, select Change identity source in the Actions drop-down list.
- Choose External identity provider, and then click Next.
- Configure the external identity provider and click Next.
- Service provider metadata: Click Download metadata file to download the SP metadata.
- IdP SAML metadata: Click Choose file and upload the metadata downloaded from RSA.
- Review the list of changes. Once you are ready to proceed, type ACCEPT and click Change identity source.
- Go to Settings and copy the Instance ARN for the RSA configuration (Attribute mapping).
- To create groups, navigate to AWS IAM.
- Click IAM User groups, and then click Create group.
- In the User group name field, enter the name of the group, and then click Create user group.
- To create a user, navigate to Access management > User, and click Create user.
- Under User details, enter the username in the User name text box, and then click Next.
- To create roles, navigate to Access Management > Roles, and then click Create role.
- Choose SAML 2.0 federation as the Trusted entity type and enter a name for the SAML 2.0 trusted provider in the SAML 2.0-based provider field.
- Copy the ARN. This is the same value as the AWS Role ARN value used in the RSA configuration (Attribute mapping).
- Combine the Role ARN and the Provider ARN values, separated by a comma, to use as the Property value in RSA.
The configuration is complete.
Related Articles
AWS IAM Identity Center - SAML Relying Party Configuration - RSA Ready Implementation Guide 12Number of Views AWS IAM Identity Center S3 - SAML My Page SSO Configuration - RSA Ready Implementation Guide 25Number of Views AWS IAM Identity Center CloudWatch - RSA Ready Implementation Guide 32Number of Views AWS IAM - RSA Ready Implementation Guide 34Number of Views AWS IAM Identity Center CloudWatch - SAML My Page SSO Configuration - RSA Ready Implementation Guide 24Number of Views
Trending Articles
RSA Authentication Manager 8.9 Setup and Configuration Guide How to 'Trust' the RSA Authentication Manager Security Console Self-Signed Root CA certificate and prevent Cert warnings. RSA Authentication Manager 8.9 Release Notes (January 2026) Configure RSA Authentication Manager as a Secure Proxy Server for Cloud Access Service RSA Authentication Manager Upgrade Process
Don't see what you're looking for?