Configure RSA Cloud Authentication Service

1. Sign in to the RSA Cloud Administration Console with administrator credentials.
2. Enable SSO on the My Page portal by accessing the RSA Cloud Administration Console > Access > My Page > Single Sign-On (SSO). Ensure it is enabled and protected by two-factor authentication using a Password and Access Policy.
3. On the Applications > Application Catalog page, click on Create From Template.
4. On the Choose Connector Template page, click Select for SAML Direct.
5. On the Basic Information page, enter a name for the configuration in the Name field and click Next Step.
6. In the Connection Profile section, select IdP-initiated option.
7. Provide the Service Provider details in the following format:
   1. Assertion Consumer Service (ACS) URL: https://<your _allgress_instance>/saml2/<configuration_id>/Acs
   2. Service Provider Entity ID: https://<your _allgress_instance>/saml2/<configuration_id>

8. In the SAML Response Protection section, select IdP signs assertion within response, and download the certificate by clicking Download Certificate.
9. Under the User Identity section, select Show Advanced Configuration, then configure Identifier Type and Property as follows: 
   1. Identifier Type: Auto Detect 
   2. Property: Auto Detect

10. Under the Statement Attribute section, add the following attributes:
    1. First Attribute:
       1. Attribute Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
       2. Attribute Source: Identity Source
       3. Property: givenName
    2. Second Attribute:
       1. Attribute Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
       2. Attribute Source: Identity Source
       3. Property: sn
    3. Third Attribute:
       1. Attribute Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
       2. Attribute Source: Identity Source
       3. Property: userName
    4. Fourth Attribute:
       1. Attribute Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
       2. Attribute Source: Identity Source
       3. Property: mail

11. Click Next Step.
12. Choose your desired Access Policy for this application and click Next Step > Save and Finish.
13. On the My Applications page, click the Edit dropdown and select Export Metadata to download the metadata.
14. Click Publish Changes to save your settings. After publishing, your application will be enabled for SSO.

Configure Allgress

1. Log in to Allgress using admin credentials.
2. Click the settings gear icon at the top.

3. Select SAML Configuration.

4. To enable SSO, check the Enable SAML 2.0 Support checkbox and provide the following details:
   1. Identity Provider Identifier: Enter the value of entityID, which can be obtained from the metadata file downloaded from the RSA platform.
   2. Identity Provider Endpoint: Enter the value of SingleSignOnService, which can be obtained from the metadata file downloaded from the RSA platform.

5. Navigate to the ALLGRESS SAML SERVICE PROVIDER SETTING and provide the following details:
   1. Service Provider Endpoint (Not editable): This value is auto-populated and used as ACS URL in RSA configuration.
   2. Service Provider Identifier: Construct the Service Provider Identifier by removing the word "Acs" from the Service Provider Endpoint URL. This is used as the Entity ID in the RSA platform.

6. Once you have completed the configuration, click Save.