Configure RSA Cloud Authentication Service

1. Sign in to the RSA Cloud Administration Console with administrator credentials.
2. Enable SSO on the My Page portal by accessing the RSA Cloud Administration Console > Access > My Page > Single Sign-On (SSO). Ensure it is enabled and protected by two-factor authentication using a Password and Access Policy.
3. On the Applications > Application Catalog page, click on Create From Template.
4. On the Choose Connector Template page, click Select for SAML Direct.
5. On the Basic Information page, enter a name for the configuration in the Name field and click Next Step.
6. In the Connection Profile section, select IdP-initiated option.
7. Provide the Service Provider details in the following format:
   1. Assertion Consumer Service (ACS) URL: https://<domain>. delinea.app/identity-federation/saml/assertion-consumer
   2. Service Provider Entity ID: https://<domain>. delinea.app/identity-federation/sp/<federation provider ID>.

8. In the SAML Response Protection section, select IdP signs assertion within response, and download the certificate by clicking Download Certificate.
9. Under the User Identity section, select Show Advanced Configuration, then configure Identifier Type and Property as follows: 
   1. Identifier Type: Auto Detect 
   2. Property: Auto Detect

10. Under the Statement Attribute section, add the following attributes:
    1. First Attribute:
       1. Attribute Name: EmailAddress
       2. Attribute Source: Identity Source
       3. Property: mail
    2. Second Attribute:
       1. Attribute Name: nameidentifier
       2. Attribute Source: Identity Source
       3. Property: mail
    3. Third Attribute:
       1. Attribute Name: Name
       2. Attribute Source: Identity Source
       3. Property: userName
    4. Fourth Attribute:
       1. Attribute Name: upn
       2. Attribute Source: Identity Source
       3. Property: mail

11. Click Next Step.
12. Choose your desired Access Policy for this application and click Next Step > Save and Finish.
13. On the My Applications page, click the Edit dropdown and select Export Metadata to download the metadata.
14. Click Publish Changes to save your settings. After publishing, your application will be enabled for SSO.

Configure Delinea

1. Log in to Delinea using admin credentials.
2. Navigate to Settings > Federation providers.

3. Click Add Provider and select SAML.

4. Provide the following details:
   1. Name: Enter a name for your provider.
   2. Status: check the Enabled checkbox.
   3. Entity ID: Enter the value of entityID, which can be obtained from the metadata file downloaded from the RSA platform.
   4. IDP certificate: Upload the certificate downloaded from the RSA platform by clicking Select file.

5. Provide the following details:
   1. IDP Login URL: Enter the value of SingleSignOnService, which can be obtained from the metadata file downloaded from the RSA platform.
   2. Under the Advanced Settings section, check the Customize certificate issuer sent to IDP checkbox.

6. Under Attribute Mappings, provide the attributes as shown in the figure below.
7. Click Add Domain, enter a domain from which users will be logging in, and click Save.
8. Scroll up and copy the following values to configure in the RSA platform.
   1. Platform callback URL: This is the ACS URL.
   2. Customize certificate issuer sent to IDP: This the Entity ID.