This article describes how to integrate Skyhigh Security Service Edge (SSE) admin portal with RSA Cloud Authentication Service for cloud administrators using My Page SSO.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service using My Page SSO.

Procedure

1. Sign in to RSA Cloud Administration Console.
2. Enable My Page SSO by accessing the RSA Cloud Administration Console > Access > My Page > Single Sign-On (SSO). Ensure it is enabled and protected using two-factor authentication - Password and Access Policy.
3. On the Applications > Application Catalog page, click Create From Template.
   
   
4. Click Select for SAML Direct.
5. On the Basic Information page, choose Cloud.
   
6. Enter the name for the application in the Name field and select Next Step.
7. On the Connection Profile page, choose IdP-initiated. 
   
8. In the Data Input Method section, select Import Metadata and choose the metadata file downloaded from Skyhigh.
9. Review the following values that are auto-filled or auto-selected:
   1. Assertion Consumer Service(ACS) URL
   2. Service Provider Entity ID
   3. Identity Provider Entity ID should have the default value selected. Select the default value if not already selected.
   4. Audience for SAML Response should have the default value selected. Select the default value if not already selected.
   5. Under the SAML Request Protection section of Message Protection, SP signs SAML Requests should be selected and certificate added.
   6. Under the SAML Response Protection section of Message Protection, IdP signs assertion within response should be selected.  
   7. The Encrypt Assertion checkbox should be selected, and the certificate should be added.
10. Download the certificate to be used for the Skyhigh SSE admin portal configuration.
    
    
11. Click Next Step.
12. Choose your desired Access Policy for this application and click Next Step.
13. Make the desired changes to the Portal Display option and click Next Step.
14. Make desired changes to the Fulfillment page and click Save and Finish.
15. Click Publish Changes. 

Configure Skyhigh

Perform these steps to configure Skyhigh SSE admin portal.
Procedure

1. Log in to your Trellix account and click the user symbol in the upper-right corner.
   
2. Edit the Identity Provider section under Tenant Settings and click the Enable Identity Provider SSO toggle switch.
   
3. Provide the following values.
   1. Issuer: This is the Identity Provider Entity ID from the RSA configuration.
   2. Login URL: This value is the same as Issuer.
   3. Certificate: Upload the downloaded certificate from the RSA side.
      
4. Add your admin account to the exempt list and save the changes.
5. Download the SAML Metadata to be used on the RSA-side configurations.

Note: Relying party integration and SP-Initiated flow for My page are not supported.

The configuration is complete.

Return to Skyhigh Security Service Edge (SSE) Admin Portal - RSA Ready Implementation Guide.