This article describes how to integrate Citrix Cloud with RSA Cloud Authentication Service using My Page SSO.

   
Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service using My Page SSO.

Procedure 

1. Sign in to RSA Cloud Administration Console and navigate to Applications > Application Catalog.
2. Click Create From Template and click Select for SAML Direct.
   
3. On the Basic Information page, choose Cloud.
   
4. Enter the name for the application and click Next Step.
   
5. On the Connection Profile page, navigate to the Initiate SAML Workflow section and choose IdP-initiated.
   
6. Scroll down to the Service Provider section and enter the following details:
   1. Import the metadata and verify that the ACS URL and Service Provider Entity ID are filled correctly.
      This metadata file can be obtained from the Citrix Cloud console.
      
7. Scroll down to the Identity Provider section and make a note of the Identity Provider URL. This is required for the Citrix Cloud configuration.
   
8. Proceed with the Default option for Identity Provider Entity ID and Audience for SAML Response.
   
9. Under the Message Protection section, for SAML Response Protection:
   1. Choose IdP signs entire SAML response.
   2. Select the Override default signing key and certificate checkbox.
   3. Click Generate Cert Bundle to generate and download a zip file containing the private key and certificate.
   4. Unzip the downloaded file to extract the certificate and private key.
   5. Click the first Choose File option and upload the RSA private key.
   6. Click the second Choose File option and upload the RSA public certificate
      
10. Scroll down to the User Identity section and select the following:
    1. Identifier Type: emailAddress
    2. Property: mail
       
11. In the Statement Attributes section, enter the following attribute names and property values:
    1. Attribute Name: cip_email, Attribute Source: Identity Source, Property: mail
    2. Attribute Name: cip_oid, Attribute Source: Identity Source, Property: objectGUID
    3. Attribute Name: cip_sid, Attribute Source: Identity Source, Property: objectSid
    4. Attribute Name: cip_upn, Attribute Source: Identity Source, Property: userPrincipalName
       
12. Locate the application you created on the My Applications page and click Edit > Export Metadata.
13. Click Publish Changes and wait for the operation to be completed.
    
    After publishing, your application is now enabled for SSO. 
    

Configure Citrix Cloud SSO

Perform these steps to integrate Citrix Cloud with RSA uisng My Page SSO.
Procedure

1. Sign in to Citrix Cloud at https://citrix.cloud.com.
2. On the Citrix Cloud menu, click Identity and Access Management.
   
   
3. On the Authentication tab, for SAML 2.0, select Connect. When prompted, enter a short, URL-friendly, identifier for your company and click Save and continue.
   
   
4. On the Configure SAML page, enter the following:
   1. Entity ID: Enter the Identity Provider Entity ID from the metadata file downloaded from RSA Cloud Authentication Service.
   2. SSO Service Provider: Enter the SingleSignOnService URL from the metadata file.
   3. Binding Mechanism: Select HTTP POST.
      
      
   4. SAML Response: Select Must Sign Response.
   5. X.509 Certificate: Upload SecurID X.509 certificate downloaded in the previous section.
   6. Authentication Context: Set Authentication Context as Unspecified, Minimum.
   7. Logout URL: If required, specify the RSA Portal URL obtained in the previous section to redirect users to the application portal page on logout.
      
      
   8. Download the SAML Metadata file.
   9. Click Test and Finish.
5. Perform the following steps to configure the Workspace Authentication method:
   1. On the Citrix Cloud menu, click Workspace Configuration.
      
      
   2. Click the Authentication tab and choose SAML 2.0.
      
      

The configuration is complete.

Return to Citrix Cloud - RSA Ready Implementation Guide.