Nutanix Prism Central - IDR SSO Configuration using SAML - RSA Ready Implementation Guide
a year ago

This article describes how to integrate RSA SecurID Access with Nutanix Prism Central using a SAML SSO Agent. 

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as an SSO Agent SAML IdP to Nutanix Prism Central.

Procedure

  1. Log in to the RSA Cloud Administration Console and navigate to Applications > Application Catalog.
  2. Click Create From Template and select SAML Direct.
  3. Select the Identity Router option.
  4. On the Basic Information page, enter the name for the application in the Name field.
  5. Click the Next Step button.

  1. On the Initiate SAML Workflow section, select the IDP-initiated button.
  2.  On the binding method for SAML Request section, select Redirect if not already selected. 
  3.  On the connection URL section, give the base URL of the Nutanix Prism Central till the port number as shown in the following screenshot, it will be of the form https://<IP where Nutanix Prism Central is installed>:<portnumber>/

  1.  In the Identity Provider section, perform the following steps:
    1. Select the default Identity Provider Entity ID if not already selected.
    2. Click the Generate Cert Bundle button to generate and download a zip file containing the private key and certificate. Unzip the downloaded file to extract the certificate and private key.
    3. Select the first Choose File and upload the RSA SecurID Access private key.
    4. Select the second Choose File and upload the RSA SecurID Access public certificate.

  1. In the Assertion Consumer Service (ACS) URL field, enter value which will be of the form https://<hostname of the IP where Nutanix Prism Central is installed>:<port number>/api/iam/authn/callback.
  2. In the Audience (Service Provider Entity ID) field, enter value which will be of the form https://<hostname of the IP where Nutanix Prism Central is installed>:<port number>/api/iam/authn.

  1. In the User Identity section, from the Identifier Type dropdown list, select Email Address. 
  2. Select the name of your user identity source and select the property value as mail.

  1. In the NameID modification section, make the required changes as per the organization needs.
  2. In Sign Outgoing Assertion section, select Assertion within response.

  1. Select the Include issuer NameID Format.
  2. From the NameID format dropdown list, select Email Address.

  1. Click the Next Step button.
  2. On the User Access page, select the access policy.

  1. Click the Next Step button.
  2. On the Portal Display page, configure the portal display settings.
  3. Enter descriptive text about the application in the Application Tooltip field. The portal will display this text when a user passes the cursor over the application’s icon.
  4. Click the Next Step button.
  5. Configure the options in Fulfilment tab if needed and then click Save and Finish.
  6. Click the Publish Changes button in the top left corner of the page and wait for the operation to be completed.

  1. Search for created application from the list of applications and select Export Metadata from the Edit dropdown list to download an XML metadata file containing your RSA SecurID Access IdP’s metadata.

Note: You will need XML metadata file containing your RSA SecurID Access IdP’s metadata when you configure Nutanix Prism Central.

Configure Nutanix Prism Central

Perform these steps to configure Nutanix Prism Central as an SSO Agent SAML Service provider to RSA Cloud Authentication Service.

Configure Identity Provider

Perform these steps to configure Identity Provider

Procedure

  1. Log in to Nutanix Prism Central using admin credentials.
  2. Select Admin Center from the top left corner dropdown and click IAM.

  1. Select the Idp Configuration tab and select Add Identity Provider.

  1. Select SAML Identity Provider.
  2. In the resulting Configure Identity Provider section, click Import Metadata to import the metadata downloaded from RSA and verify the below values are populated and if not populated add it from RSA.
    1. Configuration Name :Any value (“VIASSO” in this instance)
    2. Username Attribute :mail
    3. Email Attribute :mail
    4. Identity Provider URL: This should be the same as what is provided in RSA .
    5. Certificate :Certificate, which is used to sign the assertion ,which can be downloaded from RSA if not pre-populated.
  1. Save the configuration.

Configure Authorization Policy

Perform these steps to configure Authorization Policy

Procedure

  1. Log in to Nutanix Prism Central using admin credentials.
  2. Select Admin Center from the top left corner dropdown and click IAM.

  1. Click Authorization Policies.
  2. Click Create Authorization Policy.
  3. Choose the Role and click Next.

  1. Choose the scope as per your business requirements.

  1. In the Assign Users tab, select the SAML Identity Provider configuration you have created and type in the emails of the users who need access.

  1. Click Save.

Return to Nutanix Prism Central- RSA Ready Implementation Guide

Related Articles

Trending Articles

Don't see what you're looking for?