SSO Agent - SAML Configuration - Illumio SecurID Access Implementation Guide
2 years ago
Originally Published: 2021-08-26

SSO Agent - SAML Configuration - Illumio RSA Ready SecurID Access Implementation Guide

This section contains instructions on how to integrate RSA SecurID Access with Illumio using a SAML SSO Agent.

Architecture Diagram

Admin_Dharani_0-1630005477924.png

 

RSA Cloud Authentication Service

Follow the steps in this section to configure RSA Cloud Authentication Service as an SSO Agent SAML IdP to Illumio.

Procedure

  1. Logon to the RSA Cloud Administration Console and browse to Applications > Application Catalog, search for illumio and click +Add to add the connector.

    Admin_Dharani_1-1630005519495.png

     

  2. Enter a name for the application in the Name field on the Basic Information page and click the Next Step button.

  3. Navigate to Initiate SAML Workflow section.

    1. Leave the Connection URL field blank.

    2. Choose IDP-initiated.

      Note: The following IDP-initiated configuration works for SP-initiated Illumio connections as well.

      Admin_Dharani_2-1630005567733.png

       

  4. Scroll down to SAML Identity Provider (Issuer) section.

    Admin_Dharani_3-1630005604318.png

     

    1. Take note of the Identity Provider URL.

    2. Select Choose File and upload the private key.

    3. Select Choose File to import the public signing certificate.

    4. Select the checkbox for Include Certificate in Outgoing Assertion.

  5. Scroll down to the Service Provider section.

    Admin_Dharani_4-1630005629960.png

     

  6. Enter the Assertion Consumer Service (ACS) URL found on Illumio’s Single Sign-On Configuration page.

  7. Enter the Illumio Issuer in the Audience (Service Provider Entity ID) field.

  8. Scroll down to the User Identity section. Verify the settings are correct for your environment. In this example the NameID is set to format unspecified with the value of mail.

    Admin_Dharani_5-1630005658034.png

     

  9. Click Show Advanced Configuration.

  10. Under Attribute Extension add attributes Email Address, User.FirstName, User.LastName, User.MemberOf with their correlated property.

    Admin_Dharani_6-1630005753072.png

     

  11. Click Next Step.

  12. On the User Access page, select Allow All Authenticated Users user policy from the available options.

    Admin_Dharani_7-1630005786357.png

     

  13. 13. Click Next Step.

  14. On the Portal Display page, select Display in Portal.

  15. Click Save and Finish.

  16. Click Publish Changes. Your application is now enabled for SSO. Note: If you make any additional changes you will need to republish the changes.

    Admin_Dharani_8-1630005812522.png

     

Illumio

Follow the steps in this section to configure Illumio as an SSO Agent SAML SP to RSA Cloud Authentication Service.

Procedure

  1. Login into the Illumio administration console.

  2. Navigate to Access Management > Authentication.

  3. Select SAML then click Configure.

  4. Click Edit.

  5. Paste the public certificate in the SAML Identity Provider Certificate field.

  6. Enter the Identity Provider URL in the Remote Login URL field.

  7. Enter the Logout Landing URL.

  8. In the Authentication Method select Password Protected Transport.

  9. Click Save.

 

Configuration is complete.

Return to the main page for more certification related information.

Related Articles

Trending Articles

Don't see what you're looking for?