Vmware Workspace One - Relying Party Configuration - RSA Ready SecurID Access Implementation Guide
2 years ago
Originally Published: 2021-07-29

This section describes how to integrate RSA SecurID Access with Vmware Workspace One using relying party. Relying party uses SAML 2.0 to integrate RSA SecurID Access as a SAML Identity Provider (IdP) to Vmware Workspace One SAML Service Provider (SP).

Architecture Diagram

arch-diag-rp-saml_624x403.png

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as a relying party SAML IdP to Vmware Workspace One .

Procedure

    1. Sign into the RSA Cloud Administration Console and browse to Authentication Clients > Relying Parties and click Add a Relying Party.

    2. Select the Authentication Clients > Relying Parties menu item at the top of the page.

rp01.png

    1. Click the Add a Relying Party button on the My Relying Parties page.

rp02.png

    1. From the Relying Party Catalog select the +Add button for Service Provider SAML.

rp03.png

    1. Enter a Name for the Service Provider in the Name field on the Basic Information page.

    2. Click the Next Step button.

    3. On the Authentication page, select RSA SecurID Access manages all authentication

    4. If RSA SecurID to manages all authentication, select Primary Authentication Method and Access Policy for Additional Authentication.

    5. Select Next Step.

    6. Configure the Connection Profile, click Choose File and import the Metadata extracted from VmwareWorkspace One

rp05.png

      1. Assertion Consumer Service (ACS) URL - Automatically generated by Importing Metadata
      2. Service Provider Entity ID - Automatically generated by Importing Metadata

RP06.png

  1. Select Default Service Provider Entity ID

  2. Download Certificate and click Choose File and attach the .PEM file in the configuration.

  3. Configure User Identity for NAMEID mapping.

    1. Identity Type – Auto Detect

    2. Property - Auto Detect

  4. Click Save and Finish.

  5. Browse to Authentication Clients -> Relying Party and select the configured relying party connector, select the down arrow next to Edit and select View or Download IdP Metadata.

  6. Click Publish Changes

 

Configure Vmware Workspace One

Perform these steps to configure Vmware Workspace One as a Relying Party SAML SP to RSA Cloud Authentication Service.

Procedure

  1. Logon to VMware Identity Manager Administrator console and browse to Identity & Access Management > Identity Providers

  2. Click Add Identity Provider and then click Create SAML IDP

  3. Click and download Service Provider (SP) Metadata

  4. Configure the Workspace Oneas Service Provider as follows

    sso02_624x562.png

    ss03_624x469.png

    ss04_624x362.png

    1. Identity Provider Name - Add a name to Identity Provider ex. RSA SecurID

    2. Binding Protocal - HTTP Redirect

    3. SAML Metadata - Import the RSA SecurID Cloud Authentication Service Metadata which is exported from IDP configuration and click Process IDP Metadata

    4. Name ID Policy in SAML Request - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

    5. Check the Send Subject in SAML Request.

    6. Check the Use Name ID format mapping for Subject.

    7. Network - Check the networks this IdP can be accessed from.

    8. Authentication Methods - Add a Auth Method with SAML context as urn:oasis:names:tc:SAML:2.0:ac:classes:Password

  5. Click Save

 

Next Step: Proceed to the Use Case Configuration Summary section for information on how to apply the Relying Party configuration to your chosen use case.

 

Return to the main page for more certification related information.

Related Articles

Trending Articles

Don't see what you're looking for?