Configure RSA Cloud Authentication Service

1. Sign in to the RSA Cloud Administration Console with administrator credentials.
2. Enable SSO on the My Page portal by accessing the RSA Cloud Administration Console > Access > My Page > Single Sign-On (SSO). Ensure it is enabled and protected by two-factor authentication using a Password and Access Policy.
3. On the Applications > Application Catalog page, click on Create From Template.
4. On the Choose Connector Template page, click Select for SAML Direct.
5. On the Basic Information page, enter a name for the configuration in the Name field and click Next Step.
6. In the Connection Profile section, select IdP-initiated option.
7. To provide Service Provider details, select Import Metadata, click the Choose File button, and select the file downloaded from the Service Provider.

8. Assertion Consumer Service (ACS) URL, Service Provider Entity ID, SP signs SAML requests and Encrypt Assertion values will be auto filled.
9. In the SAML Response Protection section, select IdP signs assertion within response, and download the certificate by clicking Download Certificate.
10. Under the User Identity section, select Show Advanced Configuration, then configure Identifier Type and Property as follows: 
    1. Identifier Type: Auto Detect 
    2. Property: Auto Detect

11. Under the Statement Attribute section, add the following attributes:
    1. First Attribute:
       1. Attribute Name: http:// schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
       2. Attribute Source: Identity Source
       3. Property: mail
    2. Second Attribute:
       1. Attribute Name: http://sso.teamviewer.com/saml/claims/customeridentifier
       2. Attribute Source: Constant
       3. Property: Customer Identifier Value

12. Click Next Step.
13. Choose your desired Access Policy for this application and click Next Step > Save and Finish.
14. On the My Applications page, click the Edit dropdown and select Export Metadata to download the metadata.
15. Click Publish Changes to save your settings. After publishing, your application will be enabled for SSO.

Configure TeamViewer

1. Log in to TeamViewer as an administrator.
2. Go to Company Administration > Single Sign-On, then click the Plus button to add a domain.
3. Provide the following details and click Next.
   1. Domain: Enter the valid Domain.
   2. Configuration: Select Metadata XML.
   3. Metadata XML: Copy and paste the metadata downloaded from the RSA platform.
   4. Select the Enable SSO for additionally for all subdomains checkbox.

4. (Optional) Provide the email address under Email Exclusions and click Add.
5. Select Generate Customer Identifier and click Next.
6. Copy or download the Customer Identifier, which will be used for IdP configuration (attribute mapping). and click Next.
7. To verify domain ownership, add a new DNS record of type TXT to the Domain through the domain control panel.
8. Copy and paste the value (Name & Value) into the corresponding fields of the newly created TXT record.
9. Click Start Verification.

10. Click Finish.

11. After completing the Domain verification process, the status is reflected as 'Verified'.

Notes: