This section describes how to integrate RSA SecurID Access with Ping Identity PingFederate using relying party. Relying party uses SAML 2.0 to integrate RSA SecurID Access as a SAML Identity Provider (IdP) to Ping Identity PingFederate SAML Service Provider (SP).

Architecture Diagram

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as a relying party SAML IdP to Ping Identity PingFederate .

Procedure

1. Sign into the RSA Cloud Administration Console and browse to Authentication Clients > Relying Parties.

2. Click Add a Relying Party.

3. On the Relying Party Catalog page, click the Add button next to Service Provider SAML option.

4. On the Basic Information page, enter a Name for the relying party and click Next Step.

5. On the Authentication page, configure the authentication settings as required and click Next Step.

6. On the Connection Profile page, select Data Input Method as Enter Manually.

7. In the Service Provider Metadata section, configure the following:

1. Assertion Consumer Service (ACS) URL: Enter the PingFederate ACS URL.
2. Service Provider Entity ID (Audience): Enter the PingFederate SAML 2.0 Entity ID.

Note:  If ACS URL and Audience are not known, enter temporary place holder values so that you can continue on. After you complete the PingFederate SP configuration and export its metadata, you can import it into this relying party to fill these values automatically.

8. Click Save and Finish.

9. On the My Relying Parties page, locate the PingFederate Relying Party and click Edit > View or Download IdP Metadata.

​10. On the View or Download Identity Provider Metadata page, click Download Metadata File button.

11. Click Publish Changes.

Configure Ping Identity PingFederate

Perform these steps to configure Ping Identity PingFederate as a Relying Party SAML SP to RSA Cloud Authentication Service.

Procedure

1. Logon to PingFederate administrative web console, open the Service Provider tab.

2. Under IDP CONNECTIONS, click Create New.

3. On the Connection Type page, check the BROWSER SSO PROFILES PROTOCOL SAML 2.0 check-box and click Next.

4. On the Connection Options page, check the BROWSER SSO check-box and click Next.

5. On the Import Metadata page, select the FILE radio button, click the Choose File button and browse to the RSA SecurID Access IdP metadata file downloaded from Step 10 of RSA Cloud Authentication Service configuration. Then click Next.

6. On the Metadata Summary page, review the information and click Next.

7. On the General Info page, review the information and click Next.

8. On the Browser SSO page, click Configure Browser SSO button.

9. On the SAML Profiles page, check the IDP-INITIATED SSO and the SP-INITIATED SSO check-boxes and click Next.

10. On the User-Session Creation page, click Configure User-Session Creation button.

11. On the Identity Mapping page, select the ACCOUNT MAPPING radio button and click Next.

12. On the Attribute Contract page, click Next.

Next Step: Proceed to the Use Case Configuration Summary section at Ping Identity PingFederate 10 for information on how to apply the Relying Party configuration to your chosen use case.