This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
  • RSA.com
  • Products
    • Archer®
      • Archer®
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Knowledge Base
      • Archer® Exchange
      • Training
      • Upcoming Events
      • Videos
    • RSA® Fraud & Risk Intelligence Suite
      • RSA® Fraud & Risk Intelligence Suite
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise 14.x
      • RSA® Adaptive Authentication On-Premise 7.x
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Web Threat Detection
      • Upcoming Events
      • Videos
    • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Cloud
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Events
      • Ideas
      • Knowledge Base
      • Training
      • Upcoming Patch Content
      • Videos
    • RSA® Adaptive Authentication Mobile SDK
      • RSA® Adaptive Authentication Mobile SDK
      • Advisories
      • Events
      • Ideas
      • Knowledge Base
      • Request Access
      • Training
    • RSA® Adaptive Authentication On-Premise 14.x
      • RSA® Adaptive Authentication On-Premise 14.x
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Events
      • Ideas
      • Knowledge Base
      • Training
      • Videos
    • RSA® Adaptive Authentication On-Premise 7.x
      • RSA® Adaptive Authentication On-Premise 7.x
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Events
      • Ideas
      • Knowledge Base
      • Training
      • Videos
    • RSA® Adaptive Authentication for eCommerce
      • RSA® Adaptive Authentication for eCommerce
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Ideas
      • Knowledge Base
      • Training
      • Videos
    • RSA® FraudAction Services
      • RSA® FraudAction Services
      • Advisories
      • Discussions
      • Documentation
      • Ideas
      • Videos
    • RSA® Web Threat Detection
      • RSA® Web Threat Detection
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Knowledge Base
      • Videos
    • RSA NetWitness® Platform
      • RSA NetWitness® Platform
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Integrations
      • Knowledge Base
      • Training
      • Upcoming Events
      • Videos
    • RSA NetWitness® Detect AI
      • RSA NetWitness® Detect AI
      • Documentation
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
    • RSA NetWitness® Investigator
      • RSA NetWitness® Investigator
      • Documentation
      • Download the Client
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
    • RSA NetWitness® Orchestrator
      • RSA NetWitness® Orchestrator
      • Overview
      • Documentation
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
    • RSA SecurID® Suite
      • RSA SecurID® Suite
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Knowledge Base
      • Ideas
      • Integrations
      • Training
      • Videos
    • RSA® Identity Governance & Lifecycle
      • RSA® Identity Governance & Lifecycle
      • Advisories
      • Blog
      • Community Exchange
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Knowledge Base
      • Training
      • Upcoming Events
      • Videos
    • RSA SecurID® Access
      • RSA SecurID® Access
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Integrations
      • Knowledge Base
      • Training
      • Upcoming Events
      • Videos
    • Other RSA® Products
      • Other RSA® Products
      • RSA® Access Manager
      • RSA® Data Loss Prevention
      • RSA® Digital Certificate Solutions
      • RSA enVision®
      • RSA® Federated Identity Manager
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
  • Resources
    • Advisories
      • Product Advisories on RSA Link
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Hosted
      • RSA® Adaptive Authentication On-Premise 7.x
      • RSA® Adaptive Authentication On-Premise 14.x
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Product Advisories
    • Blogs
      • Blogs on RSA Link
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise 7.x
      • RSA® Adaptive Authentication On-Premise 14.x
      • RSA® Adaptive Authentication for eCommerce
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Blogs on RSA Link
    • Discussion Forums
      • Discussion Forums
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise 7.x
      • RSA® Adaptive Authentication On-Premise 14.x
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Discussion Forums on RSA Link
    • Documentation
      • Product Documentation
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Mobile SDK
      • RSA® Adaptive Authentication On-Premise 7.x
      • RSA® Adaptive Authentication On-Premise 14.x
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Documentation on RSA Link
    • Downloads
      • Product Downloads
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise 7.x
      • RSA® Adaptive Authentication On-Premise 14.x
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Downloads on RSA Link
    • Ideas
      • Idea Exchange
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Mobile SDK
      • RSA® Adaptive Authentication On-Premise 7.x
      • RSA® Adaptive Authentication On-Premise 14.x
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Documentation on RSA Link
    • Knowledge Base
      • Knowledge Base
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Mobile SDK
      • RSA® Adaptive Authentication On-Premise 7.x
      • RSA® Adaptive Authentication On-Premise 14.x
      • RSA® Adaptive Authentication for eCommerce
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Knowledge Base Pages on RSA Link
    • Upcoming Events on RSA Link
      • Upcoming Events
    • Videos
      • Videos on RSA Link
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise 7.x
      • RSA® Adaptive Authentication On-Premise 14.x
      • RSA® Adaptive Authentication for eCommerce
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Videos on RSA Link
  • Support
    • RSA Link Support
      • RSA Link Support
      • News & Announcements
      • Getting Started
      • Support Forum
      • Support Knowledge Base
      • Ideas & Suggestions
    • RSA Product Support
      • RSA Product Support
      • General Security Advisories and Statements
      • Product Life Cycle
      • Support Information
      •  
      •  
      •  
      •  
      •  
  • RSA Ready
  • RSA University
    • Certification Program
      • Certification Program
    • Course Catalogs
      • Course Catalogs
      • Archer®
      • RSA NetWitness® Platform
      • RSA SecurID® Suite
    • On-Demand Subscriptions
      • On-Demand Subscriptions
      • Archer®
      • RSA NetWitness® Platform
      • RSA SecurID® Suite
    • Product Training
      • Product Training
      • Archer®
      • RSA® Fraud & Risk Intelligence Suite
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
    • Student Resources
      • Student Resources
      • Access On-Demand Learning
      • Access Virtual Labs
      • Contact RSA University
      • Enrollments & Transcripts
      • Frequently Asked Questions
      • Getting Started
      • Learning Modalities
      • Payments & Cancellations
      • Private Training
      • Training Center Locations
      • Training Credits
      • YouTube Channel
    • Upcoming Events
      • Upcoming Events
      • Full Calendar
      • Conferences
      • Live Classroom Training
      • Live Virtual Classroom Training
      • Webinars
Sign In Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

RSA® Identity Governance & Lifecycle Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by RSA Identity Governance & Lifecycle experts.
  • RSA Link
  • :
  • Products
  • :
  • RSA SecurID Suite
  • :
  • RSA Identity Governance & Lifecycle
  • :
  • Knowledge Base
  • :
  • How to implement SAML SSO Authentication with Micr...
  • Options
    • Subscribe to RSS Feed
    • Bookmark
    • Subscribe
    • Email to a Friend
    • Printer Friendly Page
    • Report Inappropriate Content

How to implement SAML SSO Authentication with Microsoft Azure Active Directory and RSA Identity Governance & Lifecycle

Article Number

000039158

Applies To

RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.1.0, 7.1.1, 7.2.0
 

Issue

RSA Identity Governance & Lifecycle supports using an external SAML SSO source as the IDP for authentication. This RSA Knowledge Base Article describes how to configure Microsoft Azure Active Directory Identity Source as an Identity Provider (IDP) for SAML authentication with RSA Identity Governance & Lifecyle as the Service Provider (SP).
 

Resolution

To configure Microsoft Azure Active Directory as an IDP for SAML authentication with RSA Identity Governance & Lifecyle, follow the steps below:


Configure Microsoft Azure

  1. Log into the Microsoft Azure portal as an administrator.
  2. Select Azure Active Directory from the left-hand menu.
  3. Select Enterprise Applications from the left-hand menu.
  4. Click the New Application button and define a new application.

The new application should be of type Non-gallery application.

Image descriptionImage description

  1. Choose a name such as RSA Identity Governance & Lifecycle.
  2. After the application has been created, select the new application RSA Identity Governance & Lifecycle in the Enterprise applications | All Applications menu.
  3. Select single sign-on from the left-hand menu.
  4. Under Basic SAML Configuration: 
  1. AveksaURL - Enter a valid URL for the Reply URL (Assertion Consumer Service URL). This must be the URL ending in /aveksa/main for the hostname (not IP address) and port for the RSA Identity Governance & Lifecycle server. If you are using a proxy or load balancer, the name and port must be the one used by external parties to access the site.
  2. Enter a value for Identifier (Entity ID). This may be any unique value but it is recommended that this be the same URL string used above.
  3. Enter a value for Sign on URL.This may be any unique value but it is recommended that this be the same URL string used above. 
Image descriptionImage description
  1. Under User Attributes & Claims click the Edit icon.
Under Additional Claims:
  1. Identify the Claim name that exactly matches http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name.
  2. Click on this entry to edit it. 

Image descriptionImage description

  1. Identify a Microsoft AD User attribute that meets the following conditions.
  • Uniquely identifies the Microsoft AD user.
  • Is collected by the RSA Identity Governance & Lifecycle Identity Collector.
  • Uniquely matches the RSA Identity Governance & Lifecyle user to the Microsoft AD user. 
  1. UnifiedUserColumn - Identify a column in the RSA Identity & Governance T_MASTER_ENTERPRISE_USERS table that
  • Uniquely identifies the RSA Identity Governance & Lifecycle user.
  • Is collected by the RSA Identity Governance & Lifecycle Identity Collector.
  • Uniquely matches the Microsoft AD user to the RSA Identity Governance & Lifecycle user.

Most likely the AD attribute will be user.onpremiseaccountname and most likely this will match to the RSA Identity Governance & Lifecycle USER_ID column.

  1. Edit the Source attribute.
  2. From the pull down menu select the Microsoft AD User attribute you have chosen. 

Image descriptionImage description

Do not edit anything else on this screen.

  1. Click Save.

It is not necessary to make any other changes to the User Attributes & Claims section. Other attributes including the Required Claim attribute are ignored by RSA Identity Governance & Lifecycle. 

  1. Under SAML Signing Certificate:

IDP Certificate - Click the Download link for the Certificate (Base64) and save this file for use in a subsequent step.

Image descriptionImage description

  1. Under Setup RSA Identity Governance & Lifecycle:

IdentityURL- Copy the Login URL for use in a subsequent step.

Image descriptionImage description


Configure RSA Identity Governance & Lifecycle 

  1. In the RSA Identity Governance & Lifecycle user interface go to Admin > System > Authentication tab.
  2. Click Create Authentication Source

CAUTION: After creating or editing an Authentication Source, the RSA Identity Governance & Lifecycle server will need to be restarted for the changes to take effect. Note that if the authentication source is not functional and provisioning has not been made for an alternative authentication source, access to the server may not be possible.

  1. Select an authentication source name and choose the authentication type SSO SAML from the drown-down menu. 
  2. Click Next. This brings you to the Configuration Information screen.
  3. Enter a value for the UnfiedUserColumn. This should be the value decided upon in section 9d above. Typically this should be USER_ID.
  4. Enter a value for the IdentityURL.This should be the URL saved in section 11 above.   
  5. Accept the default value for SAMLAuthenticatorClass of com.aveksa.server.authentication.SAMLAuthenticatorImpl.
  6. Optionally (not required) enter a LogOffURL.  
  7. Enter the AveksaURL. This should be identical to the value used in section 8a above.
  8. For the IDP Certificate click the Choose File button and select the certificate file saved in section 10 above.

Image descriptionImage description

  1. Click Finish.

 

Notes

  • Microsoft Azure does not validate the RSA Identity Governance & Lifecycle Certificate.
  • For troubleshooting you can:
    • Use the Azure Test this application feature.
    • Use the Chrome Extension SAMLChrome Panel to examine the SAML request and response.
    • Enable DEBUG logging for the com.aveksa.server.authentication class. (Admin > Diagnostics > Logs tab.)

 
Tags (94)
  • 3rd Party
  • 3rd-Party
  • 7
  • 7.1
  • 7.1 Service Pack 1
  • 7.1 SP1
  • 7.1.0
  • 7.1.0.x
  • 7.1.1
  • 7.1.1.x
  • 7.1.x
  • 7.2
  • 7.2.0
  • 7.2.0.x
  • 7.2.x
  • 7.x
  • Admin
  • Admin Tutorial
  • Administration
  • Administrative
  • Auth
  • Authenticating
  • Authentication
  • Aveksa
  • Config
  • Configuration
  • Configure
  • Configuring
  • Customer Support Article
  • Delete Software
  • Helpful Hints
  • How To
  • Identity
  • Identity G&L
  • Identity Governance & Lifecycle
  • Identity Governance and Lifecycle
  • IG&L
  • IGL
  • Implementation
  • Implementing
  • Informational
  • Install
  • Install Process
  • Install Steps
  • Installation
  • Installation Process
  • Installing
  • Instructions
  • Integrate
  • Integrated
  • Integrating
  • Integration
  • Integration Steps
  • KB Article
  • Knowledge Article
  • Knowledge Base
  • Login
  • management
  • Process Steps
  • Product Install
  • Product Integration
  • Remove Software
  • RSA Identity
  • RSA Identity G&L
  • RSA Identity Governance & Lifecycle
  • RSA Identity Governance and Lifecycle
  • Set Up
  • Setup
  • Software Removal
  • Third Party
  • Third-Party
  • Third-Party Integration
  • Tip &amp Tricks
  • Tips and Tricks
  • Tutorial
  • Un-install
  • Uninstall
  • Uninstall Software
  • Uninstallation
  • Uninstalling
  • Version 7
  • Version 7.1
  • Version 7.1.0
  • Version 7.1.0.x
  • Version 7.1.1
  • Version 7.1.1.x
  • Version 7.1.x
  • Version 7.2
  • Version 7.2.0
  • Version 7.2.0.x
  • Version 7.2.x
  • Version 7.x
  • Walk Through
  • Walkthrough
0 Likes
Was this article helpful? Yes No
Share
No ratings

In this article

Version history
Last update:
‎2020-12-12 09:39 AM
Updated by:
Administrator RSA-KB-Sync Administrator

Related Content

Powered by Khoros
  • Products
  • Resources
  • Solutions
  • RSA University
  • Support
  • RSA Labs
  • RSA Ready
  • About RSA Link
  • Terms & Conditions
  • Privacy Statement
  • Provide Feedback
© 2021 RSA Security LLC or its affiliates.
All rights reserved.