This article describes how to integrate RSA with Cerby using SAML Relying Party.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as a Relying Party to Cerby.

Procedure

1. Sign in to RSA Cloud Administration Console.
2. Click Authentication Clients > Relying Parties.
   
3. On the My Relying Parties page, click Add a Relying Party. 
   
4. On the Relying Party Catalog page, click Add for Service Provider SAML. 
   
5. On the Basic Information page, enter a name for the Service Provider in the Name field and click Next Step.
   
6. On the Authentication page, choose SecurID manages all authentication.
7. In the 2.0 Access Policy for Authentication drop-down list,  select a policy that was previously configured and click Next Step.
   
8. On the Connection Profile page, select Enter Manually.
   
9. Scroll down to the Service Provider section and provide Assertion Consumer Service (ACS) URL and Audience (Service Provider Entity ID). These values can be retrieved from the Cerby configuration.
   
10. Scroll down and click Show Advanced Configuration.
11. In the User Identity section, under Statement Attributes, add the following:
    1. Attribute Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress, Attribute Source: Identity Source, Property: mail
    2. Attribute Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name, Attribute Source: Identity Source, Property: givenName
    3. Attribute Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname, Attribute Source: Identity Source, Property: sn
       
12. Click Save and Finish.
13. Locate the application that you created on the Relying Parties page and click the drop-down arrow next to Edit.
14. Click Metadata > Download Metadata File.
15. Click Publish Changes and wait for the operation to be completed.
    
    Your application is now enabled for SSO.
     

Configure Cerby

Perform these steps to configure Cerby.

Procedure 

As part of the configuration process, an e-mail will be received from Cerby Support to begin setting up the workspace. 

1. Click Create my workspace.
   The Welcome to Cerby window appears.
   
2. Select Continue with Generic SAML.
   
3. Enter a Workspace name (.cerby.com will be appended automatically) and click Create workspace.
   
4. Make a note of the ACS URL and Entity ID values that are required for configuring RSA Cloud Authentication Service.
5. After completing the RSA Cloud Authentication Service configuration steps, retrieve the IdP metadata mentioned earlier and upload it during this step.
   
6. Select the I have already assigned users or groups to the application checkbox and click Finish Configuration.
   
7. The workspace is successfully set up and you will be prompted to log in. Click Login.
   
   You will be redirected to the Cerby dashboard. 

Note: The first user who logs in during this step will be designated as the administrator for the configured workspace and will receive all administrator-related e-mails. 

The configuration is complete.

Return to Cerby - RSA Ready Implementation Guide.