OnlyOffice - SAML My Page SSO Configuration - RSA Ready Implementation Guide
2 years ago
This article describes how to integrate OnlyOffice with RSA Cloud Authentication Service using My Page SSO.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service using My Page SSO.
Procedure
  1. Sign in to the RSA Cloud Administration Console with administrator credentials.
  2. Enable SSO on the My Page portal by accessing the RSA Cloud Administration Console > Access My Page > Single Sign-On (SSO). Ensure it is enabled and protected by two-factor authentication using a Password and Access Policy.image.png
  3. On the Applications > Application Catalog page, search for OnlyOffice and click Add to add connection.image.png
  4. On the Basic Information page, enter a name for the configuration in the Name field and click Next Step.image.png
  5. In the Connection Profile section, select IdP-initiated option.image.png
  6. Provide the Service Provider details in the following format:
    1. Assertion Consumer Service (ACS) URL: https://<tenant_id>.onlyoffice.com/sso/acs.
    2. Service Provider Entity ID: https://<tenant_id>.onlyoffice.com/sso/metadata.
image.png
Refer to the OnlyOffice configuration section to obtain ACS URL and Service Provider Entity ID.
  1. In the SAML Response Protection section, select IdP signs assertion within response, and download the certificate by clicking Download Certificate.image.png
  2. Under the User Identity section, select Show Advanced Configuration, then configure Identifier Type and Property as follows: 
    1. Identifier Type: Auto Detect 
    2. Property: Auto Detect
image.png
  1. Under the Statement Attribute section, add the following attributes:
    1. First Attribute:
      1. Attribute Name: giveName
      2. Attribute Source: Identity Source
      3. Property: giveName
    2. Second Attribute:
      1. Attribute Name: mail
      2. Attribute Source: Identity Source
      3. Property: mail
    3. Third Attribute:
      1. Attribute Name: sn
      2. Attribute Source: Identity Source
      3. Property: sn
image.png
  1. Click Next Step.
  2. Choose your desired Access Policy for this application and click Next Step > Save and Finish.image.png
  3. On the My Applications page, click the Edit dropdown and select Export Metadata to download the metadata.image.png
  4. Click Publish Changes to save your settings. After publishing, your application will be enabled for SSO.image.pngimage.png

Configure OnlyOffice

Perform these steps to configure OnlyOffice.
Procedure
  1. Log in to OnlyOffice using the admin credentials.
  2. Navigate to the bottom of the left side and click the ellipsis icon (three dots).
image.png
  1. Click Settings.
image.png
  1. Click Integration.
image.png
  1. Select the Single Sign-On tab and click Enable Single Sign-on Authentication to enable SSO.image.png
  2. Click Select file and upload the metadata file downloaded from the RSA platform. All the required fields will be auto populated. Select nameid-format as urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified from the drop down.
image.png
  1. Check the Verify Auth Responses Sign checkbox and select rsa-sha256 from the dropdown menu.image.png
  2. Under Attribute Mapping, enter the same attribute names provided on the RSA platform and click Save.image.png
  3. Copy the Entity ID and ACS URL for configuration in the RSA platform.image.png
The configuration is complete.
Return to OnlyOffice - RSA Ready Implementation Guide

Related Articles

Trending Articles

Don't see what you're looking for?