MyWorkDrive - SAML SSO Agent Configuration - RSA Ready SecurID Access Implementation Guide
Originally Published: 2021-12-01

This section describes how to integrate RSA SecurID Access with MyWorkDrive using a SAML SSO Agent.

[Figure: Architecture Diagram]


Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as an SSO Agent SAML IdP to MyWorkDrive. During configuration of the IdP you will need some information from the SP. This information includes (but is not limited to) the Assertion Consumer Service URL and the Service Provider Entity ID.

Please Note: Before proceeding, ensure that the MyWorkDrive server and hostname are available and accessible.

Procedure

    1. Sign into RSA Cloud Administration Console and browse to Applications > Application Catalog, click Create From Template and select SAML Direct.


    2. Enter a name for the application in the Name field on the Basic Information page and click the Next Step button.


    3. Navigate to the Initiate SAML Workflow section.

        1. In the Connection URL field, enter a URL such as https://YourMWDserver.yourdomain.com/Account/login-saml.

        2. Choose SP-Initiated.


    4. Scroll down to the SAML Identity Provider (Issuer) section.

        1. Identity Provider URL - <Automatically generated>

        2. Issuer Entity ID - <Automatically generated>

        3. Click Generate Cert Bundle, enter a Common Name (CN) and click Generate and Download. Save this certificate, as it will be needed in Step 2 of the Configure SAML in MyWorkDrive section.

        4. Select Choose File and upload the private key.

        5. Select Choose File to import the public signing certificate.

    5. Scroll down to the Service Provider section.

        1. Assertion Consumer Service (ACS) - Enter the Assertion Consumer Service (ACS) URL, such as https://YourMWDserver.yourdomain.com/SAML/AssertionConsumerService.aspx.

        2. Audience (Service Provider Entity ID) - Enter 'MyWorkDrive' as the audience URI.

    6. Scroll to the User Identity section and select the following values.

        • Identifier Type – Email Address
        • Identity Source – name of your user identity source
        • Property – mail

    7. Click Next Step.

    8. On the User Access page, select the Allow All Authenticated Users radio button.

    9. Click Next Step.

    10. On the Portal Display page, select Display in Portal.

    11. Click Save and Finish.

    12. Click Publish Changes.

 

Configure SAML in MyWorkDrive

Perform these steps to configure MyWorkDrive as an SSO Agent SAML SP to RSA Cloud Authentication Service.

Please Note: Before proceeding, ensure that the users exist in Active Directory with a username (UPN) matching that of the users logging into RSA Cloud Authentication Service.

Procedure

  1. Log into MyWorkDrive Server as administrator.

  2. Navigate to C:\Wanpath\WanPath.Data\Settings\Certificates and place there the RSA Cloud Authentication Service certificate downloaded in Step 4 of the Configure RSA Cloud Authentication Service section.

  3. Update the SAML config located at C:\Wanpath\WanPath.Data\Settings to add a <PartnerIdentityProvider> entry. In this case we used the following:

    <PartnerIdentityProvider Name="https://rsasaml.myworkfolders.net/Account/login-saml"
        Description="RSA Identity Provider"
        SignAuthnRequest="true"
        SingleSignOnServiceUrl="https://pe01.pe.rsa.net/IdPServlet?idp_id=yet47z8oy8bt"
        PartnerCertificateFile="C:\Wanpath\WanPath.Data\Settings\Certificates\cert.pem"/>


    • Name: Enter the Connection URL used in Step 3 of Configure RSA Cloud Authentication Service section.

    • Description: Description for this config.

    • SignAuthnRequest: true.

    • SingleSignOnServiceUrl: Enter the Identity Provider URL generated in Step 4 of Configure RSA Cloud Authentication Service section.

    • PartnerCertificateFile: Full file path of the certificate placed in Step 2 of this section.
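
A lint for the entry described above, as an added example that is not part of the original guide or of MyWorkDrive's tooling: it checks each <PartnerIdentityProvider> element against the attribute values listed in this step and confirms that the referenced PEM file holds a certificate but no private key, since the cert bundle generated on the RSA side also contains one. The function name, the cert_files mapping and the placeholder PEM text are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

# Certificate directory named in step 2 of the procedure above.
CERT_DIR = PureWindowsPath(r"C:\Wanpath\WanPath.Data\Settings\Certificates")

def check_idp_entries(config_xml, cert_files):
    """Return findings for each <PartnerIdentityProvider> in config_xml.
    cert_files (assumed input) maps each PartnerCertificateFile path to that file's text."""
    root = ET.fromstring(config_xml)
    # Compare local names so a namespaced config file is handled too.
    entries = [e for e in root.iter()
               if e.tag.rsplit("}", 1)[-1] == "PartnerIdentityProvider"]
    if not entries:
        return ["no PartnerIdentityProvider entry found"]
    findings = []
    for e in entries:
        label = e.get("Name") or "<unnamed>"
        if not e.get("Name"):
            findings.append(f"{label}: Name is empty")
        if e.get("SignAuthnRequest", "").lower() != "true":
            findings.append(f"{label}: SignAuthnRequest is not true")
        sso = urlsplit(e.get("SingleSignOnServiceUrl", ""))
        if sso.scheme != "https" or not sso.hostname:
            findings.append(f"{label}: SingleSignOnServiceUrl is not https")
        cert_path = e.get("PartnerCertificateFile", "")
        if PureWindowsPath(cert_path).parent != CERT_DIR:
            findings.append(f"{label}: certificate is outside {CERT_DIR}")
        pem = cert_files.get(cert_path)
        if pem is None:
            findings.append(f"{label}: no file text given for {cert_path!r}")
        elif "-----BEGIN CERTIFICATE-----" not in pem:
            findings.append(f"{label}: file holds no PEM certificate")
        elif "PRIVATE KEY-----" in pem:
            findings.append(f"{label}: file also contains a private key")
    return findings

# Constructed sample: the entry shown above plus placeholder PEM text.
SAMPLE_CONFIG = r'''<PartnerIdentityProvider
    Name="https://rsasaml.myworkfolders.net/Account/login-saml"
    SignAuthnRequest="true"
    SingleSignOnServiceUrl="https://pe01.pe.rsa.net/IdPServlet?idp_id=yet47z8oy8bt"
    PartnerCertificateFile="C:\Wanpath\WanPath.Data\Settings\Certificates\cert.pem"/>'''
SAMPLE_CERT = r"C:\Wanpath\WanPath.Data\Settings\Certificates\cert.pem"
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print(check_idp_entries(SAMPLE_CONFIG, {SAMPLE_CERT: SAMPLE_PEM}) or "no findings")
```

The check reads copies of the config and certificate text, so it can be run away from the MyWorkDrive server.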

     

Configuration is complete.
