Salesforce - SAML IDR SSO Configuration RSA Ready Implementation Guide
Originally Published: 2023-06-08

This section describes how to integrate Salesforce with RSA Cloud Authentication Service using IDR SSO.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as an IDR SSO to Salesforce.

Procedure

  1. Log on to the RSA Cloud Administration Console and navigate to Applications > Application Catalog.
  2. Search for Salesforce.com and click Add to add the connector.
  3. On the Basic Information page, enter a name for the application in the Name field, and click Next Step.
  4. Choose Identity Router and click Next Step.
  5. Navigate to the Initiate SAML Workflow section and verify the default setting in the Connection URL field.

  6. Choose IdP-initiated or SP-initiated.
  7. Scroll down to the SAML Identity Provider (Issuer) section.
    1. Identity Provider URL is automatically generated.
    2. Issuer Entity ID is automatically generated.
    3. Click Choose File and upload the private key.
    4. Click Choose File to import the public signing certificate.
    5. Select the Include Certificate in Outgoing Assertion check box.
  8. In the Service Provider section, enter the following details:
    1. Assertion Consumer Service (ACS) - https://<current My Domain URL from Salesforce>
    2. Audience (Service Provider Issuer ID) - https://<current My Domain URL from Salesforce>
  9. Scroll down to the User Identity section and select the following:
    1. Identifier Type – unspecified
    2. Identity Source – select your user identity source.
    3. Property – mail
  10. Click Next Step.
  11. On the User Access page, select the access policy that the identity router will use to determine which users can access the application.
  12. Click Next Step.
  13. On the Portal Display page, configure the portal display and other settings.
  14. Click Save and Finish.
  15. Click Publish Changes.
  16. Navigate to Applications > My Applications.
  17. Locate your Salesforce application instance in the list, open its Edit menu, and click Export Metadata.
    Note: The preceding two steps are required only if you need the exported metadata, for example to create the Salesforce SSO setting with New from Metadata File.

Configure Salesforce

Perform these steps to configure Salesforce.

Procedure

  1. Log on to Salesforce as an administrator at https://login.salesforce.com.
  2. Click Switch to Lightning Experience if you are using Salesforce Classic.
  3. Click the gear icon on the upper-right corner, and click Service Setup.
  4. In the left pane, click Single Sign-On Settings under the Identity section.
  5. Click Edit and select SAML Enabled if not selected already.
  6. Click New or New from Metadata File.
  7. If you clicked New from Metadata File, select the metadata file exported from the RSA Cloud Administration Console (the IdP), and click Create.
  8. If you clicked New, enter the following details and click Save.
    1. In the Name field, enter a name for this Authentication Service profile.
    2. Click in the API Name field; the value from the Name field is populated automatically.
    3. In the Issuer field, enter the Identity Provider Entity ID (the Issuer Entity ID generated in the RSA connector) for an IDR integration, or https://<rsa_tenant>.auth.securid.com/saml-fe/sso for a Cloud IdP integration.
    4. In the Entity ID field, enter an ID that starts with https://, for example https://<instance>.my.salesforce.com. This must match the Audience (Service Provider Issuer ID) field in the RSA connector exactly; a mismatch makes Salesforce reject every assertion.
    5. In Identity Provider Certificate, click Browse and select the RSA SecurID Access public signing certificate (the certificate imported into the connector, never the private key).
    6. In SAML Identity Type, select Assertion contains User's Salesforce.com username.
    7. In SAML Identity Location, select Identity is in the NameIdentifier element of the Subject statement.
    8. In Service Provider Initiated Request Binding, select HTTP Redirect for an IDR integration and HTTP POST for a Cloud IdP integration.
  9. Click My Domain under Company Settings.
  10. Under Authentication Configuration, click Edit.

    Note: If your environment requires SP signing, click Download Metadata, return to the RSA Cloud Administration Console, and edit the connector to import the metadata file, which imports the Salesforce signing certificate into the connector.

  11. Select the check box next to the Authentication Service that corresponds to your RSA configuration, and click Save.

    Note: Clear the check boxes for Login Form and other services to prevent side-door access with a username and password. Before you do, confirm that at least one administrator can still sign in by another path if the identity router is unavailable, so a broken connector does not lock you out of the org.
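A way to verify, after Publish Changes, that the values entered on the RSA side and the Salesforce side actually agree, as an added example that is not part of this guide and not RSA or Salesforce code: the script parses the IdP metadata exported in the RSA procedure and a SAML Response captured from the browser (for example with a SAML tracer extension) and checks Issuer, Audience, Recipient, Destination, the NameID in the Subject and the embedded certificate against the Salesforce settings entered above. The hostnames, the metadata, the response and the certificate bytes are constructed placeholders, and the script does not verify the XML signature, which needs an XML-DSig library.

```python
"""Consistency check between RSA IDR metadata, a captured SAML Response and the
Salesforce SSO settings entered above. Added example, not RSA or Salesforce code.
Signature verification itself needs an XML-DSig library (xmlsec) and is out of scope.
All XML, hostnames and the certificate are constructed sample data."""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Placeholder standing in for the DER certificate bytes; not a real X.509 certificate.
CERT_B64 = base64.b64encode(b"constructed-stand-in-for-the-idr-signing-certificate").decode()

# Constructed stand-in for the file produced by Export Metadata in the RSA console.
IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idr.example.com/saml/idp">
  <md:IDPSSODescriptor>
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idr.example.com/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed captured response, trimmed: a real one also carries SignedInfo/SignatureValue.
SAML_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    xmlns:ds="{NS['ds']}" Destination="https://acme.my.salesforce.com">
  <saml:Issuer>https://idr.example.com/saml/idp</saml:Issuer>
  <saml:Assertion>
    <saml:Issuer>https://idr.example.com/saml/idp</saml:Issuer>
    <ds:Signature><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
    <saml:Subject>
      <saml:NameID Format="{UNSPECIFIED}">alice@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://acme.my.salesforce.com"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://acme.my.salesforce.com</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

# Values typed into Salesforce Single Sign-On Settings (constructed, hypothetical org).
SALESFORCE_SSO = {
    "issuer": "https://idr.example.com/saml/idp",
    "entity_id": "https://acme.my.salesforce.com",
    "acs": "https://acme.my.salesforce.com",
}


def cert_fingerprint(b64):
    """SHA-256 of the DER bytes; compare with the fingerprint Salesforce shows for the uploaded certificate."""
    return hashlib.sha256(base64.b64decode("".join(b64.split()))).hexdigest()


def parse_idp_metadata(xml_text):
    """Pull the fields that Salesforce's 'New from Metadata File' consumes."""
    root = ET.fromstring(xml_text)
    cert = root.find(".//md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    sso = root.find(".//md:SingleSignOnService", NS)
    return {"entity_id": root.get("entityID"),
            "cert_fp": cert_fingerprint(cert.text) if cert is not None else None,
            "sso_url": sso.get("Location") if sso is not None else None}


def check_response(xml_text, idp, sf):
    """Return mismatches between the assertion, the IdP metadata and the SP settings; [] means consistent."""
    root = ET.fromstring(xml_text)
    a = root.find("saml:Assertion", NS)
    if a is None:
        return ["no Assertion element in the Response"]
    scd = a.find(".//saml:SubjectConfirmationData", NS)
    nameid = a.find("saml:Subject/saml:NameID", NS)
    cert = a.find("ds:Signature//ds:X509Certificate", NS)  # present only with Include Certificate in Outgoing Assertion
    expected = [
        ("Issuer", a.findtext("saml:Issuer", "", NS), idp["entity_id"]),
        ("Issuer (Salesforce setting)", a.findtext("saml:Issuer", "", NS), sf["issuer"]),
        ("Audience", a.findtext(".//saml:Audience", "", NS), sf["entity_id"]),
        ("Recipient", scd.get("Recipient") if scd is not None else None, sf["acs"]),
        ("Destination", root.get("Destination"), sf["acs"]),
        ("NameID format", nameid.get("Format") if nameid is not None else None, UNSPECIFIED),
        ("signing certificate", cert_fingerprint(cert.text) if cert is not None else None, idp["cert_fp"]),
    ]
    problems = [f"{name}: got {got!r}, expected {want!r}" for name, got, want in expected if got != want]
    if nameid is None or not (nameid.text or "").strip():
        problems.append("NameID missing from Subject; Salesforce reads the username there")
    return problems


if __name__ == "__main__":
    for line in check_response(SAML_RESPONSE, parse_idp_metadata(IDP_METADATA), SALESFORCE_SSO) or ["consistent"]:
        print(line)
```

Run it with python3 after replacing the constructed XML with the real exported metadata and a captured response; a non-empty list pins the failure to a specific field (for example an Audience that differs from the Entity ID by a trailing slash) instead of the generic login error Salesforce shows the user.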

Note on My Domain URL

The current My Domain URL value can be found in My Domain under Company Settings.


Configuration is complete.
