Okta - SAML My Page SSO Configuration - RSA Ready Implementation Guide
9 months ago
Originally Published: 2021-11-07

This section describes how to configure Okta  with RSA Cloud Authentication Service using my page SSO.


Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service using My Page SSO.  
Procedure

  1. Sign in to RSA Cloud Administration Console and navigate to Applications > Application Catalog. Click Create From Template and select SAML Direct.

  1. Choose Cloud on the Basic Information page.

  1. Enter the name for the application and click the Next Step button.

  1. On the Connection Profile page, Navigate to Initiate SAML Workflow section and choose IdP-initiated.

  1. In Data Input Method, select Import Metadata file from Okta to populate the Assertion Consumer Service URL value and Service Provider Entity ID.

  1. Scroll down to the Identity Provider section. Make a note of the Identity Provider URL, as it will be needed for the OKTA configuration.

  1. Under the Message Protection section, for SAML Response Protection:
    • Select IdP signs assertion with response.

  1.  Scroll down to the User Identity section and select the following:
    1. Identifier Type – emailAddress
    2. Property – mail

  1. Click Next Step, select Allow All Authenticated Users, from the drop down select the policy for this application.

  1. On the Portal Display page, select Display in Portal. Click Next step.

  1. Enter Fulfilment details as shown below.

  1. Locate the application just created in My Applications page and click the dropdown arrow next to Edit > Export Metadata.

  1. Click Publish Changes. After publishing, your application is now enabled for SSO.

The configuration is complete.

OKTA Configuration

Perform these steps to configure OKTA.

Procedure

  1. Log in to Okta with the admin account, browse to the Security > Identity Providers  > Add Identity provider.

  1. Select the Identity Provider as SAML 2.0 click Next.

  1. Provide the name details to configure General settings.

  1. Select IdP Usage as SSO only and select the checkbox for Account matching with Persistent Name ID.

  1. Provide details in the Account matching with IdP Username section.
    • Select the idpuser.subjectNameID from drop down for IDP username.
    • Match against field select the Email from drop down.
    • If no match is found select the check box Redirec to Okta Sign-in page.

  1. Provide the following details in the SAML Protocol Setting section:
    • IdP Issuer URI - Obtain from the metadata file downloaded from RSA.
    • IdP Single Sign-On URL - Obtain from the metadata file downloaded from RSA.
    • IdP Signature Certificate – Upload the downloaded certificate from RSA.
    • Request Binding – Select HTTP POST.

  1. Provide the details as shown in the following figure and click Finish.
    • Request Signature select the check box Sign SAML Authentication requests.
    • Request Signature Algorithm select the SHA-256 from the drop down list.
    • Destination Specify the destination RSA URL.

     8. Navigate to the Identity Providers section and click Add Routing Rule under the Routing rules tab.

    9. Provide the Rule name, select the IdP as Okta under IdPs, and click Create rule.

   The configuration is complete.

Related Articles

Trending Articles

Don't see what you're looking for?