This article describes how to integrate RSA with Avaya using SAML Relying Party.

Configure RSA Cloud Authentication Service

1. Sign in to the RSA Cloud Administration Console.
2. Navigate to the Authentication Clients menu, and from the dropdown, select Relying Parties.
3. In the Relying Party Catalog, select Add a Relying Party and click Add for Service Provider SAML.
4. On the Basic Information page, enter a name for the application in the Name field and click Next Step.
5. In the Authentication tab, select SecurID manages all authentication.
6. Select the Primary Authentication Method and Access Policy as required and click Next Step.
7. To provide Service Provider details, select Import Metadata, click the Choose File button, and select the file downloaded from the Service Provider.

8. Assertion Consumer Service (ACS) URL and Service Provider Entity ID values will be auto filled.
9. In the SAML Response Protection section, select IdP signs assertion within response, and download the certificate by clicking Download Certificate.
10. Under the User Identity section, select Show Advanced Configuration, then configure Identifier Type and Property as follows: 
    1. Identifier Type: Email Address
    2. Property: mail

11. Under the Statement Attributes section, add the following attributes as shown in the figure:
    1. First Attribute
       1. Attribute Name: lastname
       2. Attribute Source: Identity Source
       3. Property: sn
    2. Second Attribute:
       1. Attribute Name: emailaddress
       2. Attribute Source: Identity Source
       3. Property: mail
    3. Third Attribute:
       1. Attribute Name: firstname
       2. Attribute Source: Identity Source
       3. Property: givenName

12. Click Save and Finish.
13. On the My Relying Parties page, click Edit dropdown and select Metadata option to download the metadata.
14. Click Publish Changes to save your settings. After publishing, your application will be enabled for SSO.

Configure Avaya

1. Log in to Avaya as an administrator.
2. Click the Profile icon in the top right corner and select Add Company.
3. Provide the Name and click Save.
4. Under the Domains tab, click Add Domain.
5. Provide the company domain name and click OK.
6. Click Verify to verify the domain.
7. Copy the verification code, add the DNS record in the domain portal, and click Verify.
8. Once the domain is verified, a popup will indicate that Auto domain verification was successful.
9. Go to the Enterprise SSO tab and click Add An Enterprise SSO.
10. Provide the Name and click Save.
11. Do the following and click Save:
    • Name: Provide Identity Provider name (RSA).
    • Display name: Will auto populated based on the name.
    • IdP metadata: Copy and paste the metadata downloaded from the RSA platform.
    • Download the metadata of SAML SP: This link provides Avaya metadata for RSA configuration.

12. Click Update.

13. Provide the following details and click Save:
    • Email: emailaddress 
    • FirstName: firstname
    • LastName: lastname
    • Domains: Provide the company domain which you added before.
    • Status: Change the status to Active.

14. After saving the modifications, click Test.
15. Once Test is successful, you will see the SAML response and its attribute values.