This article describes how to integrate SilverFort with RSA Cloud Access Service (CAS) using My Page SSO.

Configure CAS

Perform these steps to configure CAS using My Page SSO.
Procedure

1. Sign in to RSA Cloud Administration Console and browse to Applications > Application Catalog.
2. Click Create from Template and then click Select next to SAML Direct.
3. On the Basic Information page, choose Cloud.
4. Enter a name for the SilverFort application and click Next Step.
   
5. On the Connection Profile page, navigate to the Initiate SAML Workflow section and choose SP-initiated.
6. Connection URL: It is not required for SilverFort and can be set to any valid URL. For example, you can use the ACS URL as the Connection URL.
7. Under Data Input Method, choose Enter Manually.
8. Scroll down to the Service Provider section and provide the details in the following formats:
   1. Assertion Consumer Service (ACS) URL: Enter your Mobile Messaging Service URL with the addition of the following prefix: /apps/api/sso/response. For example:
      • Global - https://raven.silverfort.io/apps/api/sso/response
      • Singapore - https://sg.raven.silverfort.io/apps/api/sso/response
      • Europe - https://eu.raven.silverfort.io/apps/api/sso/response
      • Australia - https://au.raven.silverfort.io/apps/api/sso/response
      • India - https://in.raven.silverfort.io/apps/api/sso/response
   2. Service Provider Entity ID: Enter the SAML Entity ID for your application. To ensure successful authentication, this must match the Audience value set in SilverFort.
      
9. Under the Message Protection section, choose IdP signs entire SAML response.
   
10. Under the User Identity section, select emailAddress as Identifier Type and mail as Property.
    
11. Under the Statement Attributes section, enter the following attributes:
    Attribute Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    Property: userName
    Attribute Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    Property: mail
    
    
12. Click Next Step.
13. On the User Access page, select the access policy to determine which users can access the application, and then click Next Step.
    
14. On the Portal Display page, configure the portal display and other settings.
15. Click Next Step. 
16. On the Fulfillment page, configure your preferred settings, or leave the Fulfillment toggle disabled as is, and then click Save and Finish.
17. Click Publish Changes and wait for the operation to be completed.
    After publishing, your application is enabled for SSO.
18. Navigate to the newly created application from Application, and in the drop-down list, choose Export Metadata. This metadata will be used later in the SilverFort configuration.
     

Configure SilverFort

Perform these steps to configure SilverFort.

Procedure

1. In the SilverFort Admin Console, navigate to the Settings page and select Integrations.
2. Click the Identity Bridge tab.
3. Click Add IdP and provide the following details.
   1. IdP Name: RSA ID Plus
   2. Application Name: Anything of your choice; for example, RSA_Silverfort_App
   3. Login URL: The Identity Provider URL copied from RSA (to find this, select Edit on your SAML application in RSA, and copy the Identity Provider URL).
   4. Issuer: The value of entityID copied from the metadata.
   5. Audience: The same value set for Service Provider Entity ID in RSA (for example, Silverfort_SP).
   6. Upload certificate: The certificate that was previously downloaded from RSA.
      
4. Click Save.

Create Bridge Policy

Perform the following steps to create a SilverFort Bridge policy.

1. On the Admin Console, navigate to the Policies page.
2. Select Create policy and fill all required fields.
   1. Policy name: Create a name for the policy
   2. Action: Select Identity Bridge.
   3. IdP: Select RSA ID Plus.
   4. Enterprise app: Select the application name you entered in the Bridge Config.
3. Click Save.

The configuration is complete.