Relying Party Configuration - Illumio SecurID Access Implementation Guide
Originally Published: 2021-08-26

This section contains instructions on how to integrate SecurID Access with Illumio using a Relying Party. A relying party uses SAML 2.0 to integrate SecurID Access as a SAML Identity Provider (IdP) with the Illumio SAML Service Provider (SP).

Architecture Diagram

SecurID Cloud Authentication Service

Follow the steps in this section to configure SecurID Cloud Authentication Service as a Relying Party SAML IdP to Illumio.

Procedure

1. Log on to the Cloud Administrative Console, browse to Authentication Clients > Relying Parties, and click Add a Relying Party.

3. Click the Add a Relying Party button on the My Relying Parties page.

4. From the Relying Party Catalog, select the +Add button for Service Provider SAML.

5. Enter a name for the Service Provider in the Name field on the Basic Information page.

6. Click the Next Step button.

7. On the Authentication page, select RSA SecurID Access manages all authentication.

8. From the Primary Authentication Method pulldown, select your desired login method, either Password or SecurID.

9. From the Access Policy pulldown, select a policy that was previously configured.

10. Select Next Step.

11. Select Enter Manually.

12. Enter the Assertion Consumer Service (ACS) URL found on Illumio's Single Sign-On Configuration page.

13. Enter the Illumio Issuer in the Audience (Service Provider Entity ID) field.

14. Under IdP Signs, select Entire SAML response.

15. Select Download Certificate.

16. Select Show Advanced Configuration. Under Attribute Extension, add the attributes Email Address, User.FirstName, User.LastName, and UserMemberOf.

17. Select Save and Finish.

18. On the My Relying Parties page, select the Edit pulldown and select View or Download IdP Metadata.

19. View the metadata file to find the Cloud Identity Provider Entity ID. Location=https://<company_IDP_Instance>.securid.com/saml-fe/sso. This is the Cloud IDP URL.

20. Navigate to Users > Identity Sources.

Note: Perform the following steps for all Identity Sources used in the policy.

21. Select Edit for the Identity Source used in the Policy.

22. On the User Attributes page, verify that Synchronize the selected policy attributes with the Cloud Authentication Service is checked.

23. In the Policies column, verify that the attributes mail, sn, givenName, and memberOf are checked.

24. Click Next Step.

25. Click Save and Finish.

26. On the top menu, click Publish Changes.

Illumio

Follow the steps in this section to configure Illumio as a Relying Party SAML SP to SecurID Cloud Authentication Service.

Procedure

  1. Log in to the Illumio administration console.

  2. Navigate to Access Management > Authentication.

  3. Select SAML, then click Configure.

  4. Click Edit.

  5. Paste the Cloud certificate in the SAML Identity Provider Certificate field.

  6. Enter the Cloud IDP URL in the Remote Login URL field.

  7. Enter a Logout Landing URL (optional).

  8. In Authentication Method, select Password Protected Transport.

  9. Click Save.

Configuration is complete.
