This article describes how to integrate RSA with Litmos using SAML Relying Party.

Configure RSA Cloud Authentication Service

1. Sign in to the RSA Cloud Administration Console.
2. Navigate to the Authentication Clients menu, and from the dropdown, select Relying Parties.
3. In the Relying Party Catalog, select Add a Relying Party and click Add for Service Provider SAML.
4. On the Basic Information page, enter a name for the application in the Name field and click Next Step.
5. In the Authentication tab, select SecurID manages all authentication.
6. Select Primary Authentication Method and Access Policy as required and click Next Step.
7. To provide Service Provider details, select Import Metadata, click the Choose File button, and select the file downloaded from the Service Provider.

8. Assertion Consumer Service (ACS) URL and Service Provider Entity ID values will be auto filled.
9. Under SAML Request Protection, select the SP signs SAML requests checkbox. Click Choose File and upload the certificate.

10. In the SAML Response Protection section, select IdP signs entire SAML response, and download the certificate by clicking Download Certificate.
11. Under the User Identity section, select Show Advanced Configuration, then configure Identifier Type and Property as follows: 
    1. Identifier Type: Auto Detect 
    2. Property: Auto Detect

12. Under the Attribute Extension section, add the following attributes:
    1. First Attribute:
       1. Attribute Name: FirstName
       2. Attribute Source: Identity Source
       3. Property: givenName
    2. Second Attribute:
       1. Attribute Name: LastName
       2. Attribute Source: Identity Source
       3. Property: sn
    3. Third Attribute:
       1. Attribute Name: Email
       2. Attribute Source: Identity Source
       3. Property: mail

13. Click Save and Finish.
14. On the My Relying Parties page, click Edit dropdown and select Metadata option to download the metadata.
15. Click Publish Changes to save your settings. After publishing, your application will be enabled for SSO.

Configure Litmos

1. Log in to Litmos using admin credentials.
2. Click on your profile icon in the top right corner and select Account Settings.
3. In the left-hand menu, select Integrations.

4. Select SAML 2.0 (Single Sign On) to enable Single Sign-On (SSO).
5. Perform the following actions and click Save changes.
   1. Under SAML Metadata, copy and paste the metadata downloaded from the RSA platform. 
   2. Check the Enable service-provider initiated single-sign on from Litmos checkbox to enable SSO from Service Provider.
   3. IdP Descriptor: Enter the name of the Flow
   4. IdP Login URL: Obtain this from the metadata file downloaded from the RSA platform
   5. Autogenerate Users: Ensure the checkbox is selected by default.
   6. Select the Verify assertion encryption checkbox. 

Note: Click the hyperlink to download the Service Provider metadata file used for RSA configuration.

6. Open the downloaded metafile and manually copy the <ds:x509Certificate> (Signing certificate) from the service provider metadata file. Save it as .pem file, which is used for configuration in the RSA platform.