This article describes how to integrate Articulate Reach 360 with Cloud Access Service (CAS) using My Page SSO.

Configure CAS

Perform these steps to configure RSA ID Plus using My Page SSO.

Procedure

1. Sign in to RSA Cloud Administration Console and browse to Applications > Application Catalog. Click Create From Template and select SAML Direct.

2. Choose Cloud on the Basic Information page.

3. Enter the name for the application and click the Next Step button.

4. On the Connection Profile page, Navigate to Initiate SAML Workflow section and choose IdP-initiated.

5. Scroll down to the Service Provider section and enter the following details:
   1. ACS URL: Provided from Articulate Reach 360 during the configuration.
   2. Service Provider Entity ID: Provided from Articulate Reach 360 during the configuration.

6. Scroll down to the Identity Provider section. Make a note of the Identity Provider URL, as it will be needed for the Articulate Reach 360 configuration.

7. Under Show IdP Advanced Configuration, Proceed with the Default option for Identity Provider Entity ID and Audience for SAML Response.

8. Under the Message Protection section, In the SAML Response Protection section, select IdP signs assertion within response. Download the certificate by clicking on Download Certificate.

9. Scroll down to the User Identity section and select the following:
   1. Identifier Type – Auto Detect
   2. Property – Auto Detect.

10. In the Statement Attributes section, configure the attributes “email”, “firstName” and “lastName” as these are required by Articulate Reach 360.

1. 1. email -> Identity Source -> mail
   2. firstName -> Identity Source -> giveName
   3. lastName -> Identity Source -> sn

11. Click Next Step, In the Access Policy section, choose the policy for the application from the dropdown.

12. Leave Fulfillment settings as default as User provisioning using SCIM is not covered in this document.  
13. Choose Next Step and Save and Finish.
14. Click Publish Changes and wait for the operation to be completed.

15. After publishing, your application is now enabled for SSO. 

The Configuration is complete.

Configure Articulate Reach 360

Perform these steps to configure Articulate Reach 360 with RSA ID Plus in My Page SSO.

Procedure

1. Log in to your provided tenant with an admin account. https://<Your_org_tenant>.reach360.com
2. From the Manage menu, navigate to Settings.
3. Scroll down to Single sign-on (SSO) authentication and click Configure SSO.

4. On the Configure Single Sign-On (SSO) Authentication page, enter the following details:
   1. IDP SSO URL: Entity ID obtained in step 6 in the RSA configuration section.
   2. IDP Issue URI: Entity ID obtained in step 6 in the RSA configuration section.
   3. IDP Signature Certificate: Copy and paste the downloaded certificate in step 8 in the RSA configuration section.
   4. Response Signature Verification: Choose Assertion from the dropdown menu to match the signing of RSA of the assertion.

5. Scroll down and click Save & Continue to SAML Info.
6. On the Your Reach 360 SAML Information page, copy the Assertion Consumer Service URL and Audience URI, the 2 values will be used in their respective fields in step 5 in the RSA configuration section.

5. Click Done. SSO is now configured on Articulate Reach 360 side.

The Configuration is complete.