This section describes how to configure Microsoft Azure Active Directory as an IdP for RSA Cloud Authentication Service.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as a service provider for Microsoft Azure Active Directory.

Procedure

1. Sign into the RSA Cloud Administration Console and browse to My Account > Company Settings > Sessions & Authentication.
2. In the Cloud Administration Console Authentication > Primary Authentication section, click Third-Party Identity Provider (IdP) and perform the following steps.
   1. Sign-in URL: Displays the URL that the administrators will use when they sign in to the Cloud Administration Console through a third-party IdP.
   2. Assertion Consumer Service (ACS) URL: Displays the URL that Microsoft Azure Active Directory will use to set up the service provider.
   3. Issuer ID: Enter the value provided by Microsoft Azure Active Directory under Single Sign-on > Set up.
   4. Issuer URL: Enter the value of the Login URL provided by Microsoft Azure Active Directory under Single Sign-on > Set up.
   5. Audience ID: Enter a value that the identity provider will insert into SAML assertions to indicate for whom the assertions are intended. The value is set as the Entity ID in SAML requests sent to the identity provider.
3. In the SAML Response Signature section, click Choose File to upload a certificate that the Cloud Authentication Service uses to validate the assertion signature provided by Microsoft Azure Active Directory.
4. Click Save Settings.
5. Click Publish Changes.

Configure Microsoft Azure Active Directory

Perform these steps to configure Microsoft Azure Active Directory as the third-party IdP for RSA Cloud Authentication Service.

Procedure

1. Sign into Microsoft Azure Active Directory Admin Console.
2. In the left pane, click Enterprise applications.
   
3. Click the plus icon for New Application and click Create your own application.
4. On the Create your own application screen, enter a name for the app (RSA Cloud Authentication Service) and click Create.
   
   The new application properties page appears.
5. On the Getting Started menu, click Set up single sign-on, and then choose SAML as the single sign-on method.
6. In the Basic SAML Configuration section, click the edit icon and enter the Entity ID which should be the same as the Audience ID field that is configured on the RSA side. 
   
7. Enter the ACS URL provided by RSA.
8. In the SAML Certificates section, download the signing certificate, which needs to be uploaded to RSA as the IdP signing certificate. 
9. In the Set up section, copy the Login URL and provide it as the Issuer URL and the Azure AD Identifier as the Issuer ID field in RSA Administration Console. See step 2 in the previous section.
   
10. In the left pane, click Users and Groups and choose the users in your organization to whom you want to give access to the application.
    

Configuration is complete.

Return to the main page.