This article describes how to integrate RSA with MongoDB using SAML Relying Party.

Configure RSA Cloud Authentication Service

1. Sign in to the RSA Cloud Administration Console.
2. Navigate to the Authentication Clients menu, and from the dropdown, select Relying Parties.
3. In the Relying Party Catalog, select Add a Relying Party and click Add for Service Provider SAML.
4. On the Basic Information page, enter a name for the application in the Name field and click Next Step.
5. In the Authentication tab, select SecurID manages all authentication.
6. Select Access Policy as required and click Next Step.
7. To provide Service Provider details, select Import Metadata, click the Choose File button, and select the file downloaded from the Service Provider.

8. Assertion Consumer Service (ACS) URL and Service Provider Entity ID values will be auto filled.
9. In the SAML Response Protection section, select IdP signs assertion within response, and download the certificate by clicking Download Certificate.
10. Under the User Identity section, select Show Advanced Configuration, then configure Identifier Type and Property as follows: 
    1. Identifier Type: Auto Detect 
    2. Property: Auto Detect

11. Under the Statement Attribute section, add the following attributes:
    1. First Attribute:
       1. Attribute Name: firstName
       2. Attribute Source: Identity Source
       3. Property: givenName
    2. Second Attribute:
       1. Attribute Name: lastName
       2. Attribute Source: Identity Source
       3. Property: sn

12. Click Save and Finish.
13. On the My Relying Parties page, click Edit dropdown and select Metadata option to download the metadata.
14. Click Publish Changes to save your settings. After publishing, your application will be enabled for SSO.

Configure MongoDB

1. Log in to MongoDB as the organization owner.
2. Click on Settings.

3. Under Federated Authentication Settings, click Open Federation Management App.
4. Click Domains and select Add Domain.

5. Provide a Display Name and Domain Name, select DNS Record to verify your domain, and click Continue. Follow the on-screen instructions.
6. Click VERIFY to verify your domain.
   • The domain Status will be updated to VERIFIED.

7. Click Identity Providers and select Set Up Identity Providers.

8. Select Workforce Identity Federation and click Continue.

9. Provide a Configuration Name.

10. Enter the following details:
    1. Issuer URI: The value of entityID, obtainable form the metadata file downloaded from the RSA platform.
    2.  Single Sign-On URL: The value of SingleSignOnService, Obtainable from the metadata file download form the RSA platform
    3. Click Choose File and upload the certificate downloaded from the RSA platform.

11. Click Continue.

12. Click Download metadata. This will be used for configuring the RSA platform.
13. Click Save and Finish.

14. Click ASSOCIATE DOMAINS.

15. Check the checkbox for the domain you verified and click Submit.
16. Click the Manage dropdown and select Activate Identity Provider to activate the provider.