RSA Governance and Lifecycle - SAML SSO Agent Configuration - RSA Ready SecurID Access Implementation Guide
Originally Published: 2022-04-21

 

This section describes how to integrate RSA SecurID Access with RSA Governance and Lifecycle using a SAML SSO Agent.


Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as an SSO Agent SAML IdP to RSA Governance and Lifecycle. During configuration of the IdP you will need some information from the SP. This information includes (but is not limited to) Assertion Consumer Service URL and Service Provider Entity ID.

Procedure

  1. Sign in to the RSA Cloud Administration Console, browse to Applications > Application Catalog, select RSA Governance and Lifecycle, and click Add.

  2. Enter a name for the application in the Name field on the Basic Information page and click the Next Step button.

  3. Navigate to the Initiate SAML Workflow section.

    1. In the Connection URL field, enter the URL https://%HOST_NAME%/aveksa/main, replacing HOST_NAME with your RSA G&L hostname.

  4. Scroll down to the SAML Identity Provider (Issuer) section. Click Generate Cert Bundle, enter the Common Name, and Generate and Download the certificate. This certificate is required in Step 4 of the Configure SAML in RSA Governance and Lifecycle section.

    1. Identity Provider URL - <Automatically generated>

    2. Issuer Entity ID - <Automatically generated>

    3. Select Choose File and upload the private key.

    4. Select Choose File to import the public signing certificate.

  5. Scroll down to the Service Provider section.

    1. Assertion Consumer Service (ACS) - Enter the Assertion Consumer URL as https://%HOST_NAME%/aveksa/main, replacing HOST_NAME with your RSA G&L hostname.

    2. Audience (Service Provider Entity ID) - Enter the entity ID as https://%HOST_NAME%/aveksa/main, replacing HOST_NAME with your RSA G&L hostname.

  6. Scroll to the User Identity section and select the following values.

    • Identifier Type – transient
    • Identity Source – name of your user identity source
    • Property – sAMAccountName

  7. Click Next Step.

  8. On the User Access page, select the Allow All Authenticated Users radio button.

  9. Click Next Step.

  10. On the Portal Display page, select Display in Portal.

  11. Click Save and Finish.

  12. Click Publish Changes.

 

Configure SAML in RSA Governance and Lifecycle

Perform these steps to configure RSA Governance and Lifecycle as an SSO Agent SAML SP to RSA Cloud Authentication Service.

Procedure

  1. Log on to your RSA Governance and Lifecycle account using administrative credentials.

  2. From the navigation bar, navigate to Admin > System > Authentication. Click Create Authentication Source.

  3. On the Create New Authentication Service page, enter the name of your authentication source in Authentication Source Name and select SSO SAML from the Authentication Type drop-down list. Click Next.

  4. On the Configuration Information page, enter the following values:

    1. IdentityURL: Enter the Identity Provider URL from Step 4 of the Configure RSA Cloud Authentication Service section.

    2. AveksaURL: Enter the Connection URL from Step 3 of the Configure RSA Cloud Authentication Service section.

    3. IDPCertificate: Browse and select the certificate generated in Step 4 of the Configure RSA Cloud Authentication Service section.

  5. Click Finish.

 

Configuration is complete.
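
The following is an added example, not part of the RSA guide: a consistency check that compares a decoded SAML response captured from a test sign-in against the values entered in the two procedures above. The host name, issuer value and sample response are constructed, and the mapping of the "transient" Identifier Type to the standard SAML NameID Format URN is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

# Constructed sample, trimmed to the fields checked; the Audience lacks "/main".
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://grc.example.test/aveksa/main">
  <saml:Assertion>
    <saml:Issuer>https://idp.example.test/issuer</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">x1</saml:NameID>
      <saml:SubjectConfirmation>
        <saml:SubjectConfirmationData Recipient="https://grc.example.test/aveksa/main"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://grc.example.test/aveksa</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def expected_url(host_name):
    # The guide uses this one value for Connection URL, ACS, Audience and AveksaURL.
    return "https://%s/aveksa/main" % host_name

def check_response(xml_text, host_name, issuer_entity_id):
    """List mismatches between a decoded SAML response and the configured values.
    Consistency check only: it does not verify the XML signature."""
    url, problems = expected_url(host_name), []
    root = ET.fromstring(xml_text)
    def attr(path, name):
        node = root.find(path, NS)
        return None if node is None else node.get(name)
    found = {
        "Destination (ACS)": (root.get("Destination"), url),
        "Recipient (ACS)": (attr("a:Assertion/a:Subject/a:SubjectConfirmation/"
                                 "a:SubjectConfirmationData", "Recipient"), url),
        "NameID Format": (attr("a:Assertion/a:Subject/a:NameID", "Format"), TRANSIENT),
        "Issuer": (root.findtext("a:Assertion/a:Issuer", "", NS).strip(), issuer_entity_id),
    }
    for label, (actual, wanted) in found.items():
        if actual != wanted:
            problems.append("%s: got %r, expected %r" % (label, actual, wanted))
    audiences = [a.text.strip() for a in root.iterfind(".//a:Audience", NS) if a.text]
    if url not in audiences:
        problems.append("Audience: got %r, expected %r" % (audiences, url))
    return problems
```

Calling `check_response(SAMPLE, "grc.example.test", "https://idp.example.test/issuer")` reports the Audience mismatch; an empty list means the captured response agrees with the configured URLs.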

Return to the main page for more certification-related information.