Configure the RSA Cloud Authentication Service

1. Sign in to the RSA Cloud Administration Console with Administrator credentials.
2. Click Authentication Clients > Relying Parties on the menu at the top of the screen.
3. Click Add a Relying Party.  
4. In the Relying Party Catalog, click Add corresponding to Service Provider SAML. 
5. On the Basic Information page, enter the name for the application in the Name field and click Next Step.
6. On the Authentication page, choose SecurID manages all authentication.
7. Select a Primary Authentication Method and Access Policy as required and click Next Step.
8. To provide the Service Provider details, select Import Metadata and click Choose File.
9. Select the file downloaded from the service provider.
   Refer to the SAP Concur configuration section below for instructions on how to download the metadata file.
10. In the Service Provider section, the values for ACS URL and Service Provider Entity ID should be automatically filled.
11. In the SAML Response Protection section, choose IdP signs entire SAML response.
12. Click Download Certificate to download the certificate.
13. Click Show Advanced Configuration and configure Identifier Type and Property under the User Identity section as "Auto Detect" as shown in the following screenshot.
14. Click Save and Finish.
15. Go to the My Relying Parties page and choose Metadata from the Edit dropdown menu to download the metadata.
16. Click Publish Changes. After publishing, your application is now enabled for SSO.

Configure SAP Concur

1. Log in to SAP Concur with administrator credentials.
2. Navigate to Home > Expense Settings.
3. Navigate to Company > Authentication Admin.
4. Click Manage Single Sign-On.
5. Click Download to download SAP Concur metadata.
6. On the IdP metadata section, click Add. 
7. Provide the Custom IdP Name and click Upload XML File to upload the metadata file downloaded from RSA.
8. Click Add Metadata.