Dynatrace - SAML Relying Party Configuration - RSA Ready SecurID Access Implementation Guide
Originally Published: 2021-12-02

This section describes how to integrate RSA SecurID Access with Dynatrace using a relying party. The relying party uses SAML 2.0 to integrate RSA SecurID Access as a SAML Identity Provider (IdP) with the Dynatrace SAML Service Provider (SP).

Architecture Diagram

[Image: architecture diagram]

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as a relying party SAML IdP to Dynatrace.

Procedure

1. Sign in to the RSA Cloud Administration Console, browse to Authentication Clients > Relying Parties, and click Add a Relying Party.

2. From the Relying Party Catalog, select the +Add button for Service Provider SAML.

3. In the Basic Information section, enter a name and click Next Step.

4. In the Authentication section, do the following:

a. Under Authentication Details, select RSA SecurID Access manages all authentication.

b. Select appropriate primary and additional authentication methods.

c. Click Next Step.

5. On the next page, under Connection Profile, click choose file and select the Dynatrace SP metadata XML file, which can be obtained from Step 4 of Configure Dynatrace.

6. In the Service Provider Metadata section, the details should be filled in automatically because the Dynatrace SP metadata XML file was selected in Step 5 above.

a. Assertion Consumer Service (ACS) URL: The AssertionConsumerService URL obtained from the Dynatrace SP metadata XML file in Step 5 above. In this case, the Assertion Consumer Service (ACS) URL is https://sso.dynatrace.com:443/saml2/sp/consumer.

b. Service Provider Entity ID: The entityID obtained from the Dynatrace SP metadata XML file in Step 5 above. In this case, the entityID is https://sso.dynatrace.com:443/saml2/login.

7. In the Message Protection section:

a. The certificate should be shown automatically because the Dynatrace SP metadata XML file was imported in Step 5.

b. Click Download Certificate and save the certificate. This certificate is required in Step 6 of Configure Dynatrace.

c. Under Idp Sign, select Entire SAML Response.

8. Click Show Advanced Configuration.

9. Under the Attribute Extension section, click the +Add button and add the following three attributes:

a. Attribute Name: Email, Attribute Source: Identity Source, Property: mail

b. Attribute Name: FirstName, Attribute Source: Identity Source, Property: givenName

c. Attribute Name: LastName, Attribute Source: Identity Source, Property: sn

10. Click Save and Finish.

11. Click the Publish Changes button in the top left corner of the page, and wait for the operation to complete.

12. On the My Relying Parties page, do the following:

a. Select View or Download IdP Metadata from the Edit drop-down list to view and download an XML file containing your RSA SecurID Access IdP’s metadata.

b. Click Download Metadata File in the View or Download Identity Provider Metadata page to download the file. A file named IdpMetadata.xml should be downloaded.

Configure Dynatrace

Perform these steps to integrate Dynatrace with RSA SecurID Access as a Relying Party SAML SP.

Note: For the remainder of this configuration, your domain must be verified in your Dynatrace SaaS account.

Procedure

1. Log in to your Dynatrace SaaS account.

2. Navigate to Account Setting > Identity management > Single sign-on.

3. On the Single sign-on page, under Verified Domains, click the Add button for your domain.

4. On the Add configuration page, click Download XML and save the metadata file. This file is required in Step 5 of Configure RSA Cloud Authentication Service.

5. In the Upload XML section, select Choose file and select the RSA IdP metadata file downloaded in Step 12 of Configure RSA Cloud Authentication Service.

6. In the Attribute mapping section, specify the following:

a. First name attribute: Enter FirstName.

b. Last name attribute: Enter LastName.

7. Select Validate configuration to verify your settings. After verification, one of the following may happen:

a. If validation is successful, Dynatrace displays a confirmation message. Close the message to return to Add configuration and then select Continue to display a summary of the validated configuration.

b. If there's an error in the Results list, select Edit configuration to fix it and re-validate.

8. On the Enable SSO page, select Enable.

9. Click Save & continue.

Configuration is complete.

For additional integrations, see the "Configuration Summary" section.