Configure RSA Cloud Authentication Service

1. Sign in to RSA Cloud Administration Console. 
2. Click Authentication Clients > Relying Parties.                                                                                                                                          
3. On the Relying Party Catalog page, click Add a Relying Party and click Add for Service Provider SAML.                                          
4. On the Basic Information page, enter the name for the application in the Name field and click Next Step.                                     
5. On the Authentication page, choose SecurID manages all authentication.
6. Select a Primary Authentication Method and Access Policy as required and click Next Step.                                              
7. Provide the Service Provider details in the following format: 
   1. ACS URL: https://auth.velpic.com/saml/v2/<Account Id>/login 
   2. Service Provider Entity ID: https://auth.velpic.com/saml/v2/<Account Id>/login 
      Refer to the Configure Damstra Learning Management section to obtain <Account Id>.                                                     
8. In the SAML Response Protection section, choose IdP signs assertion within response.
9. Download the certificate by clicking Download Certificate.                                                                                                            
10. Click Show Advanced Configuration.
11. Under the User Identity section, configure Identifier Type and Property. For example, Identifier Type: Auto Detect and Property: Auto Detect.                                                                                                                                                       
12. Add the following Statement Attributes. 
    1. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname  - sn
    2. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name - userName 
    3. http://schemas.xmlsoap.org/ws/2005/05/idxntity/claims/givenname - givenName
    4. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress - mail                                                                               
13. Click Save and Finish.
14. On the My Relying Parties page, click the Edit drop-down icon and select the Metadata option to download the metadata.             
15. Click Publish Changes. Your application is now enabled for SSO.                                                                                                    

Configure Damstra Learning Management.

1. Log on to Damstra Learning Management.
2. Navigate to Admin > Integration > Plugins.                                                                                                                                            
3. Click Add Plugin.                                                                                                                                                                              
4. Click SAML 2.0.                                                                                                                                                                               
5. Enter the Service Name: Name of the Identity Provider and click Add.                                                                                            
6. Enter the following details and click Save.
   1. Name: The Identity Provider name that is auto-filled.
   2. Single sign on URL: Copy the <Account Id> value to construct ACS URL and Entity ID.
   3. Issuer URL: The SingleSignOnService value that can be obtained from the metadata file downloaded from RSA.
   4. Provider Metadata Config: Upload the metadata file downloaded from RSA.
   5. (Optional) Select Enabled for Auto create new users if you want to enable Just in Time (JIT) Provisioning.