BambooHR - SAML Relying Party Configuration - RSA Ready Implementation Guide

2 years ago

Originally Published: 2021-11-03

This article describes how to integrate RSA with BambooHR using SAML Relying Party.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as Relying Party to BambooHR.
Procedure

Sign in to the RSA Cloud Administration Console.
Navigate to the Authentication Clients menu, and from the dropdown, select Relying Parties.
In the Relying Party Catalog, select Add a Relying Party and click Add for Service Provider SAML.
On the Basic Information page, enter a name for the application in the Name field and click Next Step.
In the Authentication tab, select SecurID manages all authentication.
Select the Primary Authentication Method and Access Policy for Additional Authentication as required and click Next Step.
Specify the Service Provider details in the following format:
1. Assertion Consumer Service (ACS) URL: https://<tenant>.bamboohr.com/saml/consume.php.
2. Service Provider Entity ID: <BambooHR Entity ID>.

See the Notes section for instruction on obtaining the Assertion Consumer Service (ACS) URL and Service Provider Entity ID.

In the SAML Response Protection section, select IdP signs assertion within response, and download the certificate by clicking Download Certificate.
Under the User Identity section, select Show Advanced Configuration, then configure Identifier Type and Property as follows:
1. Identifier Type: Auto Detect
2. Property: Auto Detect

Click Save and Finish.
On the My Relying Parties page, click Edit dropdown and select Metadata option to download the metadata.
Click Publish Changes to save your settings. After publishing, your application will be enabled for SSO.

The ACS URL can be constructed by replacing the value in the tenant tag. The tenant value is most likely the company name or domain -- https://<tenant>.bamboohr.com/saml/sp_metadata.php
The default Entity ID for BambooHR is BambooHR-SAML.

For reference, see the official documentation: https://help.bamboohr.com/s/article/587788.

Perform these steps to configure BambooHR.
Procedure

Log in to BambooHR with admin credentials.
Click the Gear icon in the top right corner and select Apps.
If the SAML Single Sign-On app is not pre-installed, search SAML Single Sign-On and click Install.
Click the SAML icon, then click Settings.
Provide the required details and click Save.
1. SSO Login URL - The value of SingleSignOnService URL, obtainable from the metadata file downloaded from the RSA platform.
2. x.509 Certificate - Upload the certificate downloaded from the RSA platform.

Don't see what you're looking for?