Vmware Workspace One - SAMLSSOAgent Configuration - RSA Ready SecurID Access Implementation Guide
2 years ago
Originally Published: 2021-07-29

This section describes how to integrate RSA SecurID Access with Vmware Workspace One using a SAML SSO Agent.

Architecture Diagram

arch-diag-sso-saml_624x403.png

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as an SSO Agent SAML IdP to Vmware Workspace One.

Procedure

    1. Sign into RSA Cloud Administration Console and browse to Applications > Application Catalog, search for VmwareWorkspace One and click +Add to add the connector.

    2. Enter a name for the application in the Name field on the Basic Information page and click the Next Step button.

    3. Download the SP Metadata from Workspace One and import it by Import Metadata

    4. Navigate to Initiate SAML Workflow section.

      1. In the Connection URL field, verify the default setting.

      2. b. Choose SP-Initiated.

      3. Select Binding Methods as Redirect

    5. Scroll down to SAML Identity Provider (Issuer) section.

saml02.png

    1. Identity Provider URL - Automatically generated

    2. Issuer Entity ID - Automatically generated

    3. In SAML Response Signature section, click on Generate Cert Bundle

      1. Select Choose File and upload the private key.

      2. Select Choose File to import the public signing certificate.

    4. Make sure Include Certificate in Outgoing Assertion is unchecked.

    5. Scroll down to the Service Provider section.

SAML03.png

    1. Assertion Consumer Service (ACS) - Automatically generated by Importing Metadata

    2. Audience (Service Provider Issuer ID) – Automatically generated by Importing Metadata

sso01_624x192.png

  1. Identifier Type – Subject

  2. Identity Source – Select the available Identity Source

  3. Property – sAMAccountName

    1. Click Next Step.

    2. Select the Access Policy

    3. Click Next Step.

    4. On the Portal Display page, select Display in Portal.

    5. Click Save and Finish.

    6. Click Publish Changes.

SAML06.png

  1. Navigate to Applications > My Applications.

  2. Locate VmwareWorkspace One in the list and from the Edit option, select Export Metadata.

Configure Vmware Workspace One

Perform these steps to configure Vmware Workspace One as an SSO Agent SAML SP to RSA Cloud Authentication Service.

Procedure

  1. Logon to VMware Identity Manager Administrator console and browse to Identity & Access Management > Identity Providers

  2. Click Add Identity Provider and then click Create SAML IDP

  3. Click and download Service Provider (SP) Metadata

  4. Configure the Workspace Oneas Service Provider as follows

    sso02_624x562.png

    ss03_624x469.png

    ss04_624x362.png

    1. Identity Provider Name - Add a name to Identity Provider ex. RSA SecurID

    2. Binding Protocal - HTTP Redirect

    3. SAML Metadata - Import the RSA SecurID Cloud Authentication Service Metadata which is exported from IDP configuration and click Process IDP Metadata

    4. Name ID Policy in SAML Request - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

    5. Check the Send Subject in SAML Request.

    6. Check the Use Name ID format mapping for Subject.

    7. Network - Check the networks this IdP can be accessed from.

    8. Authentication Methods - Add a Auth Method with SAML context as urn:oasis:names:tc:SAML:2.0:ac:classes:Password

  5. Click Save

 

Next Step: Proceed to the Use Case Configuration Summary section for information on how to apply the SAML SSO Agent configuration to your use case.

 

Return to the main page for more certification related information.

Related Articles

Trending Articles

Don't see what you're looking for?