This article describes how to integrate Salesforce Experience Cloud with RSA Cloud Authentication Service using My Page SSO.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service using My Page SSO.
Procedure

1. Sign in to the RSA Cloud Administration Console with administrator credentials.
2. Enable SSO on the My Page portal by accessing the RSA Cloud Administration Console > Access > My Page > Single Sign-On (SSO). Ensure it is enabled and protected by two-factor authentication using a Password and Access Policy.
3. On the Applications > Application Catalog page, search for Salesforce and click Add to add a connection for Salesforce Communities (Salesforce Experience cloud).

4. On the Basic Information page, enter a name for the configuration in the Name field and click Next Step. Ensure the Cloud option is selected under Choose where to enable your application.
5. In the Connection Profile section, select the SP-initiated option and provide the Connection URL in the following format: https://<Current My Domain URL >/home/home.jsp.
   The Current My Domain URL can be found under Company Settings > My Domain in the left pane on Salesforce.
   The preceding URL is the landing page of the users.
   
6. To provide Service Provider details, select Enter Manually, and provide the following details:
   1. Assertion Consumer Service (ACS) URL: https://<Current My Domain URL>
   2. Service Provider Entity ID: Enter any value and use the same value in the Entity ID field when configuring Salesforce.
7. In the SAML Response Protection section, select IdP signs assertion within response if not already selected, and download the certificate by clicking Download Certificate.
8. Under the User Identity section, click Connection Profile Show Advanced Configuration, and then configure Identifier Type and Property, if not already configured, as follows: 
   1. Identifier Type: Auto Detect
   2. Property: Auto Detect
      

11. Click Next Step.
12. Choose your desired Access Policy for this application and click Next Step > Save and Finish.
13. On the My Applications page, click the Edit drop-down icon and select Export Metadata to download the metadata.
14. Use this metadata file to configure Salesforce and then update the configuration on RSA by downloading the latest metadata from Salesforce. (Edit the connector created on RSA and import the latest metadata from Salesforce in the Connection Profile tab.
15. Click Publish Changes to save your settings. After publishing, your application will be enabled for SSO.

Configure Salesforce Experience Cloud

Perform these steps to configure Salesforce Experience Cloud.

Procedure

1. Log in to Salesforce Experience Cloud admin console: https://login.Salesforce Experience Cloud.com 
2. In the Salesforce Experience Cloud console, click the gear icon and select Setup.
   
3. In the left pane, under the Identity section, search for and select Single Sign-On Settings.
4. Click Edit and select the SAML Enabled checkbox under Federated Single Sign-On Using SAML if it is not already selected, then click Save.
5. Select New from Metadata File.

6. Choose the metadata file downloaded from RSA Platform and click Create.
   
7. Upload the downloaded IdP certificate in the Identity Provider Certificate section by clicking Choose File, then click Save. Ensure the Entity ID is the same as what is configured as the Service Provider Entity ID on RSA. 
8. Click Download Metadata if you want to import the Salesforce metadata to RSA.

9. Navigate to My Domain under Company Settings. Click Edit under Authentication Configuration, check the checkbox next to your configuration name, and click Save.

The configuration is complete.
Return to Salesforce Experience Cloud - RSA Ready Implementation Guide