This section describes how to integrate SecurID Access with MyWebTimesheets using a SAML SSO Agent.
Configure SecurID Access Cloud Authentication Service
Perform these steps to configure Cloud Authentication Service as an SSO Agent SAML IdP to MyWebTimesheets.
Sign into the Cloud Administration Console and browse to Applications > Application Catalog.
Search for MyWebTimesheets and click on +Add.
On Basic Information page enter a Name for the application, ie. MyWebTimesheets Then click on Next Step.
On Connection Profile page.
In Connection URL field copy the value for the Identity Provider URL found further down the page.
For Binding Method for SAML Request choose Redirect.
Scroll down to SAML Identity Provider (Issuer) section.
Note the Identity Provider URL and Issuer Entity ID. These values are automatically generated. They may be needed later for the configuration of MyWebTimesheets.
Click on Generate Cert Bundle, set a a common name for your company certificate. Then click Generate and Download
Select Choose File and upload the private key from the generated certificate bundle.
Select Choose File and upload the cert.pem from the generated certificate bundle.
Select Include Certificate on Outgoing Assertion.
Scroll down to Service Provider section
Enter the Assertion Consumer Service (ACS) update the URL using the DOMAIN for your instance of MyWebTimesheets. This can also be obtained from the Consumer Service URL (ACS) in the MyWebTimesheets configuration below. For example, https://VAGCDS.MyWebTimesheets.com/samllogin.aspx.
Enter the Audience (Service Provider Issuer ID) update the URL using the DOMAIN for your instance of MyWebTimesheets. This can also be obtained from the EntityID in the MyWebTimesheets configuration below. For example, https://VAGCDS.MyWebTimesheets.com.
Scroll down to User Identity section
Ensure Identifier Type = Email Address, set your Identity Source and Property = mail.
Click Next Step.
On User Access page select the Access Policy you require. Allow All Authenticated Users is the least restrictive. Click Next Step
On Portal Display Page.
Select Display in Portal.
Upload an Application Icon if you wish.
Set an Application Tooltip if you wish.
Click on Save and Finish
Click on Publish Changes. Your application is now enabled for SSO. If you make any additional changes to the application configuration you will need to republish.
Perform these steps to integrate MyWebTimesheets with SecurID Access as a SAML SSO Agent.
Sign into MyWebTimesheets as Admin and browse to Settings > Security Management > Company SAML Settings.
In the SAML Configuration, note the Consumer Service URL (ACS) and EntityID they are used above in the SecurID Access Cloud Authentication Service configuration above.