Pega Platform - Relying Party Configuration - RSA Ready SecurID Access Implementation Guide
Originally Published: 2021-12-01

This section describes how to integrate RSA SecurID Access with Pega Platform using a relying party. The relying party configuration uses SAML 2.0 to integrate RSA SecurID Access as a SAML Identity Provider (IdP) with the Pega Platform SAML Service Provider (SP).

Architecture Diagram


Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as a relying party SAML IdP to Pega Platform.

Procedure

    1. Sign in to the RSA Cloud Administration Console, browse to Authentication Clients > Relying Parties, and click Add a Relying Party.


    2. Click the Add a Relying Party button on the My Relying Parties page.


    3. From the Relying Party Catalog, select the +Add button for Service Provider SAML.


    4. Enter a Name for the Service Provider in the Name field on the Basic Information page.


    5. Click the Next Step button.

    6. On the Authentication page, select RSA SecurID Access manages all authentication.

    7. Select your access policy from the Access Policy for Additional Authentication drop-down menu.


    8. Select Next Step.

    9. In the Service Provider Metadata section of the Connection Profile page, enter the following information:

      1. Assertion Consumer Service (ACS) URL - This can be obtained from Step 7 of the Configure SAML in Pega Platform section.

      2. Service Provider Entity ID - This can also be obtained from Step 7 of the Configure SAML in Pega Platform section.

    10. Select Default Service Provider Entity ID in the Audience for SAML Response section.


    11. Download Certificate, then click Choose File and attach the .PEM file in the configuration.


    12. Click Show Advanced Configuration and configure User Identity with the following values:

      1. Identity Type – Email Address

      2. Property - mail

    13. Click Save and Finish.

    14. Click Publish Changes.

    15. Navigate to Authentication Clients > Relying Parties, locate Pega in the list, and from the Edit option select View or Download IdP Metadata and then Download Metadata File.

 

Configure SAML in Pega Platform

Perform these steps to configure Pega Platform as a Relying Party SAML SP to RSA Cloud Authentication Service.

Procedure

  1. Log in to the Pega Platform Dev Studio.

  2. Navigate to Configure > Org & Security > Authentication > Create Authentication Service.


  3. Enter the following details:


    • Authentication Type: SAML 2.0

    • Name: Any name for this service

    • Short description: Any short description for this service.

  4. Click Create and Open.

  5. On the Authentication Service form, enter an Authentication service alias. This becomes part of the SSO login URL.


  6. Click the Import IdP metadata link, select via file, and choose the IdP metadata file downloaded in Step 15 of the Configure RSA Cloud Authentication Service section.

    • After the IdP metadata import, the Identity Provider (IdP) information is filled in from the imported file.

  7. In the Service Provider (SP) settings section, copy the Entity Identification URL and the Assertion Consumer Service (ACS) location URL. These URLs are needed in Step 9 of the Configure RSA Cloud Authentication Service section.

    • Select the Disable request signing checkbox.


  8. Click Save.

 
