Firehydrant - Relying Party Configuration - RSA Ready SecurID Access Implementation Guide
Originally Published: 2021-12-14

This section describes how to integrate RSA SecurID Access with Firehydrant using a relying party. The relying party uses SAML 2.0 to integrate RSA SecurID Access as a SAML Identity Provider (IdP) for the Firehydrant SAML Service Provider (SP).

Architecture Diagram

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as a relying party SAML IdP to Firehydrant.

Procedure

    1. Sign in to the RSA Cloud Administration Console, browse to Authentication Clients > Relying Parties, and click Add a Relying Party.

    2. Click the Add a Relying Party button on the My Relying Parties page.

    3. From the Relying Party Catalog, select the +Add button for Service Provider SAML.

    4. Enter a Name for the Service Provider in the Name field on the Basic Information page.

    5. Click the Next Step button.

    6. On the Authentication page, select RSA SecurID Access manages all authentication.

    7. Select your access policy from the Access Policy for Additional Authentication drop-down menu.

    8. Select Next Step.

    9. In the Connection Profile page's Service Provider Metadata section, enter the following information:

      1. Assertion Consumer Service (ACS) URL - Enter the URL: https://app.firehydrant.io/sso/saml/consume

      2. Service Provider Entity ID - Enter the URL: https://app.firehydrant.io/sso/saml/consume

    10. Select Default Service Provider Entity ID in the Audience for SAML Response section.

    11. Download Certificate and click Choose File and attach the .PEM file in the configuration. This certificate will be required in Step 5 of the Configure SAML in Firehydrant section.

    12. Click Show Advanced Configuration and configure User Identity with the following values:

      1. Identifier Type: Auto Detect

      2. Property: Auto Detect

    13. In the Attribute Extension section, click the +Add button and add the following two attributes:

      a. Attribute Name: lastName, Identity Source: your identity source, Property: sn.

      b. Attribute Name: firstName, Identity Source: your identity source, Property: givenName.

    14. Click Save and Finish.

    15. Click Publish Changes.

    16. Navigate to Authentication Clients > Relying Parties, locate Firehydrant in the list, and from the Edit option select View or Download IdP Metadata and note the entityID. This will be required in Step 4 of the Configure SAML in Firehydrant section.

 

Configure SAML in Firehydrant

Perform these steps to configure Firehydrant as a Relying Party SAML SP to RSA Cloud Authentication Service.

Procedure

  1. Log on to your Firehydrant account using administrative credentials.

  2. Navigate to Organization > Single sign on.

  3. On the Single Sign On page, select the Enable SSO checkbox. Additional fields will appear.

  4. Enter the following URL values:

    1. In the Idp Login URL field, enter the entityID noted in Step 16 of the Configure RSA Cloud Authentication Service section.

    2. In the IdP Issuer field, enter the entityID noted in Step 16 of the Configure RSA Cloud Authentication Service section.

  5. In the IdP X509 Certificate text area, enter the certificate text of the RSA certificate downloaded in Step 11 of the Configure RSA Cloud Authentication Service section.

  6. In the Domains section, click Add domain and enter your email domain. This is the email domain with which the user will log in to Firehydrant via SAML.

  7. Click Save.

 

Configuration is complete.
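
To confirm the result, the following check (an added example, not part of the RSA guide or of either product) inspects a base64-decoded SAML Response captured from your own test login and lists where it differs from the values configured above: the ACS URL, the audience, the IdP entityID, and the firstName and lastName attributes. The function name, the sample response and the idp.example.test issuer are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Service Provider Metadata values from this guide (ACS URL and entity ID are the same URL).
ACS_URL = "https://app.firehydrant.io/sso/saml/consume"
SP_ENTITY_ID = "https://app.firehydrant.io/sso/saml/consume"
REQUIRED_ATTRS = {"firstName", "lastName"}  # Attribute Extension names from this guide

def check_response(xml_text, expected_issuer):
    """List mismatches between a decoded SAML Response and the settings above.

    Inspection aid only, for a response from your own test login:
    it does not verify the XML signature.
    """
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination is not the ACS URL")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no unencrypted Assertion in the response"]
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        problems.append("Issuer does not match the IdP entityID")
    recipients = {d.get("Recipient") for d in assertion.iterfind(".//saml:SubjectConfirmationData", NS)}
    if ACS_URL not in recipients:
        problems.append("SubjectConfirmationData Recipient is not the ACS URL")
    audiences = {(a.text or "").strip() for a in assertion.iterfind(".//saml:Audience", NS)}
    if SP_ENTITY_ID not in audiences:
        problems.append("Audience does not contain the SP entity ID")
    names = {a.get("Name") for a in assertion.iterfind(".//saml:Attribute", NS)}
    for missing in sorted(REQUIRED_ATTRS - names):
        problems.append("missing attribute " + missing)
    return problems

# Constructed sample; the issuer is a placeholder, not a real RSA entityID.
ISSUER = "https://idp.example.test/entity"
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" Destination="{ACS_URL}">
 <saml:Assertion>
  <saml:Issuer>{ISSUER}</saml:Issuer>
  <saml:Subject><saml:SubjectConfirmation>
   <saml:SubjectConfirmationData Recipient="{ACS_URL}"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>{SP_ENTITY_ID}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="firstName"/><saml:Attribute Name="lastName"/>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE, ISSUER) or "response matches the guide's settings")
```

Pass the entityID from the IdP metadata as expected_issuer; an empty list means the response carries the destination, audience, issuer and attributes this guide configures.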
