This article describes how to integrate RSA with Jamf Pro using SAML Relying Party.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as Relying Party to Jamf Pro.
Procedure

1. Sign in to RSA Cloud Administration Console. 
2. Click Authentication Clients > Relying Parties.                                                                                                                                       
3. On the Relying Party Catalog page, click Add a Relying Party and click Add for Service Provider SAML.                                              
4. On the Basic Information page, enter the name for the application in the Name field and click Next Step.                                                 
5. On the Authentication page, choose SecurID manages all authentication.
6. Select a Primary Authentication Method and Access Policy as required and click Next Step.                                                                 
7. Provide the Service Provider details in the following format: 
   1. ACS URL: https://<JAMF_PRO_URL>.jamfcloud.com/saml/SSO 
   2. Service Provider Entity ID: https://< JAMF_PRO_URL>.jamfcloud.com/saml/metadata.
      Refer to the Configure Jamf Pro section to obtain JAMF_PRO_URL.                                                                                             
8. In the SAML Response Protection section, choose IdP signs assertion within response.
9. Download the certificate by clicking Download Certificate.                                                                                                                           
10. Click Show Advanced Configuration.
11. Under the User Identity section, configure Identifier Type and Property. For example, Identifier Type: Auto Detect and Property: Auto Detect.                                                                                                                                                                  
12. Under the Attribute Extension section, provide the Attribute Name as http://schemas.xmlsoap.org/claims/Group and map the Property as virtualGroups (the values of virtualGroups must be configured as groups in Jamf Pro).                                                        
13. Click Save and Finish.
14. On the My Relying Parties page, click the Edit drop-down icon and select the Metadata option to download the metadata.                      
15. Click Publish Changes. Your application is now enabled for SSO.                                                                                                                 

Notes

Example for Mapping Groups.
In the Jamf Pro application, under the Users section, select Smart User Groups and create a group by providing group name and permissions.

In RSA, under the Management section for the user, add the same group name in the Group Membership field that you have created in the Jamf Pro application.

Configure Jamf Pro

1. Log on to Jamf Pro with administrator credentials.
2. Navigate to Settings and select Single sign-on.                                                                                                                                        
3. Click the Single Sign-On Authentication toggle button.                                                                                                                      
4. Scroll down to the Identity Provider section, select the Other option from the drop-down menu and provide a Name for the provider. 
5. Do the following:
   1. Copy the Entity ID that contains JAMF_PRO_URL, which can be used to construct ACS URL.
   2. Select the Metadata File option and upload the metadata downloaded from RSA.                                                                      
6. Scroll down to the User Mapping section and do the following:
   1. Select NameID under Identity Provider User Mapping.
   2. Select Email under Jamf Pro User Mapping.
   3. Copy the Identity Provider Group Attribute Name that is used for configuring User Attributes in RSA.                             
7. Click Save.