Symantec Privileged Access Manager - SAML Relying Party Configuration - RSA Ready Implementation Guide
6 months ago

This article describes how to integrate Cloud Access Service (CAS) with Symantec Privileged Access Manager using SAML Relying Party.

   

Configure CAS

Perform these steps to configure CAS

Procedure

  1. Sign in to RSA Cloud Administration Console.
  2. Navigate to Authentication Clients > Relying Parties.
  3. On the Relying Party Catalog page, click Add a Relying Party and click Add for Service Provider SAML.
  4. On the Basic Information page, enter the name for the application in the Name field and click Next Step.
  5. On the Authentication tab, choose RSA manages all authentication, and select a Primary Authentication Method and Access Policy as required.
  6. Click Next Step.
  7. Specify the following details from Symantec Privileged Access Manager.
    1. Assertion Consumer Service (ACS URL)https://hostname.SymantecPAM/idp/profile/SAML2/POST/SSO
    2. Service Provider Entity ID: Unique in both CAS and Symantec Privileged Access Manager.
  8. Under the Message Protection section, for SAML Response Protection:
    1. Select the certificate downloaded from Symantec Privileged Access Manager.
    2. Choose IdP signs the assertion with response.
  9. Scroll down to the User Identity section and select the following:
    1. Identifier Type: emailAddress
    2. Property: mail
  10. Make a note of the Identity Provider Entity ID, as it is needed for the Symantec Privileged Access Manager configuration.
  11. Click Save and Finish.
  12. On the My Relying Parties page, for the created Relying Party, click the Edit drop-down icon and select the Metadata option to download the metadata.
  13. Click Publish Changes.
    Your application is now enabled for SSO.

    

Configure Symantec Privileged Access Manager

Perform these steps to configure Symantec Privileged Access Manager.

Procedure

  1. Log in to Symantec Privileged Access Manager with the admin account.
  2. Browse to Configuration > Security > SAML and provide the following details under SP Configuration.
    1. Entity ID: It should be unique in both CAS and the Symantec portal.
    2. Fully Qualified HostName: Specify the CAS hostname here.
    3. Certificate Key Pair: gkcert.crt. This can be uploaded in the CAS SAML request.
  3. Navigate to Configured Remote SAML IDP to upload IDP Metadata File, which was downloaded from RSA.
  4. Click Save to complete the SAML configuration.
  5. Navigate to Configuration > Security > Certificates > Download from Filename and select the certificate to download it. This needs to be used in CAS configuration.

The configuration is complete.

Related Articles

Trending Articles

Don't see what you're looking for?