Configure RSA Cloud Authentication Service

1. Enable My Page SSO by accessing the RSA Cloud Admin Console > Access > My Page > Single Sign-On (SSO). Ensure it is enabled and protected using two-factor authentication - Password and Access Policy.
2. On the Applications > Application Catalog page, click on Create From Template.
3. On the Choose Connector Template page, click Select for SAML Direct.
4. On the Basic Information page, enter a name for the configuration in the Name field and click Next Step.
5. In the Connection Profile section, select the IdP-initiated option.
6. To provide Service Provider details, select Import Metadata, then click Choose File. Select the file downloaded from the Service Provider.
7. Assertion Consumer Service (ACS) URL and Service Provider Entity ID Values will be auto filled.
8. In the SAML Response Protection section, select IdP signs assertion within response, and download the certificate by clicking Download Certificate.
9. Under the User Identity section, select Show Advanced Configuration, then configure Identifier Type and Property as follows: 
   1. Identifier Type: Auto Detect 
   2. Property: Auto Detect

10. Click Next Step.
11. Choose your desired Access Policy for this application and click Next Step > Save and Finish.
12. On the My Applications page, click the Edit dropdown and select Export Metadata to download the metadata.
13. Click Publish Changes to save your settings. After publishing, your application will be enabled for SSO.

Configure IBM Security Verify

1. Log in to IBM Security Verify with admin credentials.
2. Click the Authentication dropdown and select Identity Providers.
3. Click Add identity provider.
4. Select SAML Enterprise and click Next.
5. Provide the following details and click Next.
   1. Name – Name of the Identity Provider.
   2. Realm – Provide a unique realm name.
6. Check the Enabled checkbox to enable your provider as a sign in option.

7. Click Download metadata, then click Next.
8. On From identifier provider, do the following and click Next:
   1. Select the Identity provider radio button.
   2. SSO URL - This is the value of SingleSignOnService, obtainable from the metadata file downloaded from the RSA platform.
   3. Identity provider metadata - Upload the metadata file downloaded from the RSA platform.

9. Click Next on the following tab.
10. On Just-in-time provisioning and identity linking, do the following and click Next:
    1. Check the Just-in-time provisioning checkbox.
    2. Select the Unique user identifier as email.
    3. Select the Transformation as Lowercase.

11. Click Next on the two tabs, then click Done.