Zimbra integration with RSA Via Access
Originally Published: 2016-09-16
You should be able to use the SAML template to connect to Zimbra. It's been a while since I've set this up, but here are the basics:
In the Access Administration Console: Applications > Application Catalog > Create from Template > SAML Direct
- Connection URL: Enter the URL of the protected resource at the service provider that will initiate the SAMLRequest. For example: https://mailbox.mycompany.com
- You'll need to specify your own BenefitFocus PartnerIdpId and URL-encoded BenefitFocus URL as the TargetResource
- SP-initiated
- Binding Method for SAML Request: POST (default)
- Request not signed (default)
- Identity Provider URL: Use the default, such as https://portal.sso.example.com/IdPServlet?idp_id=1q2w3e4r5t6y7
- Issuer Entity ID: Use default, such as 1q2w3e4r5t6y7
- Upload the private.key to sign the SAMLResponse, and the corresponding cert.pem
- Zimbra doesn't need us to include the certificate in the outgoing assertion
- Service Provider
- Assertion Consumer Service (ACS) URL: Varies by company, but for example: https://mailbox.mycompany.com/service/extension/samlreceiver
- Audience (Service Provider Entity ID): Typically the same as the ACS URL, for example: https://mailbox.mycompany.com/service/extension/samlreceiver
- User Identity
- NameID Identifier Type: Subject
- Select the attribute containing the Zimbra ID (for example, the AD 'mail')
On the Zimbra side, you'll need to configure it according to current Zimbra product documentation, but it will be something like this:
Log in to your Zimbra server and follow the Zimbra Documentation to configure SAML: Authentication/SAML - Zimbra :: Tech Center
- As the 'root' user:
- mkdir /opt/zimbra/lib/ext/saml
- cp /opt/zimbra/extensions-network-extra/saml/samlextn.jar /opt/zimbra/lib/ext/saml/
- As the 'zimbra' user:
- add the cert.pem (from the SAML certificate bundle zip file) to the configuration:
- cat cert.pem |xargs -0 zmprov md mailbox.mycompany.com zimbraMyoneloginSamlSigningCert
- specify the login & logout URLs:
- zmprov md mailbox.mycompany.com zimbraWebClientLoginURL 'https://portal.sso.example.com/IdPServlet?idp_id=1q2w3e4r5t6y7'
- zmprov md mailbox.mycompany.com zimbraWebClientLogoutURL 'https://portal.sso.example.com/'
- Restart Zimbra services:
- zmcontrol stop; zmcontrol start
- Confirm settings:
- zmprov gd mailbox.mycompany.com
- You should see the zimbraWebClientLoginURL, zimbraWebClientLogoutURL, and zimbraMyoneloginSamlSigningCert settings configured with the values specified, above.
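The "Confirm settings" step can be scripted. The following is an added example, not part of the original article or of Zimbra: check_saml_attrs is a hypothetical helper that reads `zmprov gd` output on stdin and reports any of the three attributes that is missing or differs from the expected value. The sample output is constructed, and the multi-line layout of the certificate value is an assumption.

```shell
# Added example, not from the original article. check_saml_attrs is a
# hypothetical helper name, not a Zimbra command. On a Zimbra host:
#   zmprov gd mailbox.mycompany.com | check_saml_attrs "$LOGIN" "$LOGOUT"
check_saml_attrs() {
    WANT_LOGIN="$1" WANT_LOGOUT="$2" awk '
        # zmprov prints each attribute as "name: value"; return the value part.
        function val(name) { return substr($0, length(name) + 3) }
        /^zimbraWebClientLoginURL: /  { login = val("zimbraWebClientLoginURL") }
        /^zimbraWebClientLogoutURL: / { logout = val("zimbraWebClientLogoutURL") }
        # Assumed layout of the multi-line PEM value: header on the attribute
        # line, footer on a later line.
        /^zimbraMyoneloginSamlSigningCert: -----BEGIN CERTIFICATE-----/ { begin = 1 }
        begin && /-----END CERTIFICATE-----/ { cert = 1 }
        END {
            if (login != ENVIRON["WANT_LOGIN"]) { print "zimbraWebClientLoginURL: got [" login "]"; bad = 1 }
            if (logout != ENVIRON["WANT_LOGOUT"]) { print "zimbraWebClientLogoutURL: got [" logout "]"; bad = 1 }
            if (!cert) { print "zimbraMyoneloginSamlSigningCert: no complete PEM certificate"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample of `zmprov gd` output (certificate body is a placeholder).
sample_good() {
    cat <<'EOF'
# name mailbox.mycompany.com
zimbraDomainName: mailbox.mycompany.com
zimbraMyoneloginSamlSigningCert: -----BEGIN CERTIFICATE-----
PLACEHOLDERBASE64
-----END CERTIFICATE-----
zimbraWebClientLoginURL: https://portal.sso.example.com/IdPServlet?idp_id=1q2w3e4r5t6y7
zimbraWebClientLogoutURL: https://portal.sso.example.com/
EOF
}
# Same output with the logout URL never stored (constructed).
sample_bad() { sample_good | grep -v '^zimbraWebClientLogoutURL: '; }

LOGIN='https://portal.sso.example.com/IdPServlet?idp_id=1q2w3e4r5t6y7'
LOGOUT='https://portal.sso.example.com/'
sample_good | check_saml_attrs "$LOGIN" "$LOGOUT" && echo "good sample: OK"
sample_bad | check_saml_attrs "$LOGIN" "$LOGOUT" || echo "bad sample: rejected"
```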
This document was generated from a Discussion posted around Zimbra integration with RSA Via Access.