Configure RSA Cloud Authentication Service

1. Sign in to the RSA Cloud Administration Console with administrator credentials.
2. Enable SSO on the My Page portal by accessing the RSA Cloud Administration Console > Access > My Page > Single Sign-On (SSO). Ensure it is enabled and protected by two-factor authentication using a Password and Access Policy.
3. On the Applications > Application Catalog page, click on Create From Template.
4. On the Choose Connector Template page, click Select for SAML Direct.
5. On the Basic Information page, enter a name for the configuration in the Name field and click Next Step.
6. In the Connection Profile section, select IdP-initiated option.
7. Provide the Service Provider details in the following format:
   1. Assertion Consumer Service (ACS) URL: <OPSWAT MetaDefender Core Login URL> 
   2. Service Provider Entity ID: <OPSWAT MetaDefender Core Login URL>

8. In the SAML Response Protection section, select IdP signs assertion within response, and download the certificate by clicking Download Certificate.
9. Under the User Identity section, select Show Advanced Configuration, then configure Identifier Type and Property as follows: 
   1. Identifier Type: transient 
   2. Property: Auto Detect

10. Under the Statement Attribute section, add the following attributes:
    1. Attribute Name: mail
    2. Attribute Source: Identity Source
    3. Property: mail

11. Click Next Step.
12. Choose your desired Access Policy for this application and click Next Step > Save and Finish.
13. On the My Applications page, click the Edit dropdown and select Export Metadata to download the metadata.
14. Click Publish Changes to save your settings. After publishing, your application will be enabled for SSO.

Configure OPSWAT MetaDefender Core

1. Log in to OPSWAT MetaDefender Core using admin credentials.
2. Select User Management from the left pane.

3. Select Directories tab and click Add directory.

4. Perform the following actions:
   1. Directory type: Select the SAML radio button.
   2. Name: Enter the Identity Provide Name.
   3. Identity Provider: Select Submit JSON and upload the metadata file downloaded from the RSA platform.

5. In the Service Provider section do the following:
   1. Check the Use custom entity ID checkbox and provide a unique Custom entity ID.
   2. Check the Sign in MetaDefender Core via Identity Provider site checkbox to enable SSO via IdP flow.

6. Provide the following details and click Save changes:
   1. Host or IP: 'http://<IP address>:<8008  >' (Ensure this URL includes the correct IP address and port number. Typically, the port number is 8008 where MetaDefender Core is hosted).
   2. Login URL: Copy the Login URL used as ACS URL in RSA platform for configuration.
   3. User identified by: Add the user attributes for mapping as required in the following format ${<attribute_name>}. For this configuration, ${mail} is used.

7. Toggle the switch highlighted in the figure below to enable the configuration for the newly added directory.
8. Click Enable.