This article describes how to integrate Cerby with RSA Cloud Authentication Service using My Page SSO.

   
Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service using My Page SSO.

Procedure 

1. Sign in to RSA Cloud Administration Console and browse to Applications > Application Catalog.
2. Click Create from Template and click Select for SAML Direct.|
   
3. On the Basic Information page, choose Cloud.
4. Enter the name for the application and click Next Step.
   
5. On the Connection Profile page, navigate to the Initiate SAML Workflow section and choose SP-initiated.
6. In the Connection URL field, enter the URL of your Cerby workspace in the following format: https://<workspace-name>.cerby.com/.
   
7. Scroll down to the Service Provider section and provide the Assertion Consumer Service (ACS) URL and Audience (Service Provider Entity ID) values. Both values can be retrieved from the Cerby configuration.
   
8. Scroll down to the User Identity section and under Statement Attributes, add the following:
   1. Attribute Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress, Attribute Source: Identity Source, Property: mail
   2. Attribute Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name, Attribute Source: Identity Source, Property: givenName
   3. Attribute Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname, Attribute Source: Identity Source, Property: sn
      
9. Click Next Step.
10. On the User Access page, choose the access policy you want to use to determine which users can access the application and click Next Step.
    
11. On the Portal Display page, configure the portal display and other settings and click Next Step. 
12. On the Fulfillment page, configure your preferred settings or leave the Fulfillment toggle button disabled as it is, and then click Save and Finish.
13. Locate the application that you created on the My Applications page, click the drop-down arrow next to Edit, and click Export Metadata.
14. Click Publish Changes and wait for the operation to be completed.
    
    Your application is now enabled for SSO. 
    

Configure Cerby

Perform these steps to configure Cerby.

Procedure 

As part of the configuration process, an e-mail will be received from Cerby Support to begin setting up the workspace. 

1. Click Create my workspace.
   The Welcome to Cerby window appears.
   
2. Select Continue with Generic SAML.
   
3. Enter a Workspace name (.cerby.com will be appended automatically) and click Create workspace.
   
4. Make a note of the ACS URL and Entity ID values that are required for configuring RSA Cloud Authentication Service.
5. After completing the RSA Cloud Authentication Service configuration steps, retrieve the IdP metadata mentioned earlier and upload it during this step.
   
6. Select the I have already assigned users or groups to the application checkbox and click Finish Configuration.
   
7. The workspace is successfully set up and you will be prompted to log in. Click Login.
   
   You will be redirected to the Cerby dashboard. 

Note: The first user who logs in during this step will be designated as the administrator for the configured workspace and will receive all administrator-related e-mails. 

The configuration is complete.

Return to Cerby - RSA Ready Implementation Guide.