OneLogin - SAML My Page SSO Configuration - RSA Ready Implementation Guide
2 years ago
This article describes how to integrate OneLogin with RSA Cloud Authentication Service using My Page SSO.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service using My Page SSO.
Procedure
  1. Enable My Page SSO by accessing the RSA Cloud Administration Console > Access > My Page > Single Sign-On (SSO). Ensure it is enabled and protected using two-factor authentication - Password and Access Policy.                                                                                      image.png
  2. On the Applications > Application Catalog page, search for OneLogin and click Add to add the connection.                                      image.png
  3. On the Basic Information page, enter a name for the configuration in the Name field and click Next Step.                                             image.png
  4. On the Connection Profile page, click the IdP-initiated option.                                                                                                               image.png
  5. Provide the Service Provider details in the following format: 
    1. ACS URL: https://<your-subdomain>.onelogin.com/access/idp.
    2. Service Provider Entity ID: <OneLogin Entity ID>
      Refer to the Configure OneLogin section to obtain ACS URL and Entity ID.                                                                              image.png
  6. In the SAML Response Protection section, choose IdP signs assertion within response.
  7. Download the certificate by clicking Download Certificate.                                                                                                                       image.png
  8. Click Show Advanced Configuration.
  9. Under the User Identity section, configure Identifier Type and Property. For example, Identifier TypeAuto Detect and PropertyAuto Detect.                                                                                                                                                               image.png
  10. Under the Statement Attributes section, add the attributes as shown in the following figure.                                                                         image.png
  11. Click Next Step.
  12. Choose your desired Access Policy for this application and click Next Step > Save and Finish.                                                                  image.png
  13. On the My Applications page, click the Edit drop-down icon and select Export Metadata to download the metadata.                          image.png
  14. Click Publish Changes. Your application is now enabled for SSO.                                                                                                              image.png image.png

Configure OneLogin

Perform these steps to configure OneLogin.
Procedure
  1. Log on to OneLogin with administrator credentials.
  2. Click Administration.                                                                                                                                                                                     image.png
  3. Click Authentication and select Trusted IdPs.                                                                                                                                             image.png
  4. Click New Trust.                                                                                                                                                                                        image.png
  5. Provide a name for the IdP and click the green tick icon.                                                                                                                            image.png
  6. Under the Configurations section, provide the following details:
    1. Issuer – The EntityID value that can be obtained from the metadata file downloaded from RSA.
    2. Email Domains – Provide one or more domains, separated by commas. Authentication will be initiated for users who enter any email address with one of these domains.
    3. Select the Sign users into OneLogin checkbox.                                                                                                                                image.png
  7. Under the SAML Configurations section, provide the following:
    1. IdP Login URL – The SingleSignOnService value that can be obtained from the metadata file downloaded from RSA.
    2. SP Entity ID – Use this value while configuring RSA. 
    3. Obtain the your-subdomain value from the SP Entity ID that is used to construct the ACS URL. The your-subdomain value is found in https://<your-subdomain>. onelogin.com.
    4. To construct the ACS URL, copy the your-subdomain value and paste it into the following URL: https://<your-subdomain>. onelogin.com/access/idp                                                                                                                                                                        image.png
  8. Under the Trusted IdP Certificate section, copy and paste the certificate downloaded from RSA.                                                           image.png
  9. Scroll up, select the Enable Trusted IDP checkbox, and click Save.                                                                                                         image.png

The configuration is complete.
Return to OneLogin - RSA Ready Implementation Guide.
 

Related Articles

Trending Articles

Don't see what you're looking for?