Delinea - SAML Relying Party Configuration - RSA Ready Implementation Guide
2 years ago

This article describes how to integrate RSA with Delinea using SAML Relying Party.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as Relying Party to Delinea.
Procedure
  1. Sign in to the RSA Cloud Administration Console.
  2. Navigate to the Authentication Clients menu, and from the dropdown, select Relying Parties.image.png
  3. In the Relying Party Catalog, select Add a Relying Party and click Add for Service Provider SAML.image.png
  4. On the Basic Information page, enter a name for the application in the Name field and click Next Step.image.png
  5. In the Authentication tab, select SecurID manages all authentication.
  6. Select the Primary Authentication Method and Access Policy as required and click Next Step.image.png
  7. Provide the Service Provider details in the following format:
    1. Assertion Consumer Service (ACS) URLhttps://<domain>. delinea.app/identity-federation/saml/assertion-consumer
    2. Service Provider Entity IDhttps://<domain>;. delinea.app/identity-federation/sp/<federation provider ID>.
image.png
Refer to the Delinea configuration section to obtain ACS URL and Service Provider Entity ID.
  1. In the SAML Response Protection section, select IdP signs assertion within response, and download the certificate by clicking Download Certificate.image.png
  2. Under the User Identity section, select Show Advanced Configuration, then configure Identifier Type and Property as follows: 
    1. Identifier Type: Auto Detect 
    2. Property: Auto Detect
image.png
  1. Under the Attribute Extension section, add the following attributes:
    1. First Attribute:
      1. Attribute Name: nameidentifier
      2. Attribute Source: Identity Source
      3. Property: mail
    2. Second Attribute:
      1. Attribute Name: Name
      2. Attribute Source: Identity Source
      3. Property: userName
    3. Third Attribute:
      1. Attribute Name: upn
      2. Attribute Source: Identity Source
      3. Property: mail
    4. Fourth Attribute:
      1. Attribute Name: EmailAddress
      2. Attribute Source: Identity Source
      3. Property: mail
image.png
  1. Click Save and Finish.
  2. On the My Relying Parties page, click Edit dropdown and select Metadata option to download the metadata.image.png
  3. Click Publish Changes to save your settings. After publishing, your application will be enabled for SSO.image.pngimage.png

Configure Delinea

Perform these steps to configure Delinea.
Procedure
  1. Log in to Delinea using admin credentials.
  2. Navigate to Settings > Federation providers.
image.png
  1. Click Add Provider and select SAML.
image.png
  1. Provide the following details:
    1. Name: Enter a name for your provider.
    2. Status: check the Enabled checkbox.
    3. Entity ID: Enter the value of entityID, which can be obtained from the metadata file downloaded from the RSA platform.
    4. IDP certificate: Upload the certificate downloaded from the RSA platform by clicking Select file.
image.png
  1. Provide the following details:
    1. IDP Login URL: Enter the value of SingleSignOnService, which can be obtained from the metadata file downloaded from the RSA platform.
    2. Under the Advanced Settings section, check the Customize certificate issuer sent to IDP checkbox.
image.png
  1. Under Attribute Mappings, provide the attributes as shown in the figure below.image.png
  2. Click Add Domain, enter a domain from which users will be logging in, and click Save.
image.png
  1. Scroll up and copy the following values to configure in the RSA platform.
    1. Platform callback URL: This is the ACS URL.
    2. Customize certificate issuer sent to IDP: This the Entity ID.
image.png

The configuration is complete.
Return to Delinea - RSA Ready Implementation Guide

Related Articles

Trending Articles

Don't see what you're looking for?