Palo Alto Cloud Identity Engine - SAML My Page SSO Configuration - RSA Ready Implementation Guide

This article describes how to integrate Palo Alto Cloud Identity Engine with RSA Cloud Access Service (CAS) using My Page SSO.

     

Configure CAS

Perform these steps to configure CAS using My Page SSO.

Procedure

  1. Sign in to the RSA Cloud Administration Console and click Access > My Page.
  2. Enable Applications.
  3. On the Applications > Application page, click Add an Application.
  4. Click Create From Template and then click Select for SAML Direct.
  5. On the Basic Information page, choose Cloud and click Next Step.
  6. On the Connection Profile page, choose SP-Initiated.
  7. Under Data Input Method, choose Import Metadata and import the metadata obtained from Palo Alto.
  8. Make sure that the values are automatically updated as displayed in the following image.
  9. Under the Message Protection section, make sure:
    1. SP signs SAML requests is selected. If not, then upload the SP certificate downloaded from Palo Alto.
    2. IdP signs entire SAML response is selected.
    3. Encrypt Assertion is selected, and the certificate for encrypting the assertion is uploaded.

  10. Click Next Step and select the access policy for your application.
  11. Make selections on the remaining tabs as per your business requirements, then click Save.
  12. Click Publish Changes.

  

Configure Palo Alto Cloud Identity Engine

Perform these steps to configure Palo Alto Cloud Identity Engine.

Procedure

  1. Sign in to https://apps.paloaltonetworks.com/hub and choose Cloud Identity Engine.
  2. Under Authentication > Authentication Types, click Add New Authentication Types.
  3. Under SAML 2.0, click Set Up.
  4. Download the SP Certificate and SP Metadata, which will be used in the RSA configuration.
  5. In the next section, upload the metadata downloaded from RSA.
  6. Click Test SAML Setup to test the configuration, and then click Submit.

  

The configuration is complete.