Cloud Authentication Service Quick Setup Guide for My Page SSO

This guide helps you quickly set up your production deployment for the Cloud Authentication Service and add authentication and single sign-on (SSO) for applications using My Page SSO.

If you have completed a deployment with another Quick Setup Guide and want to set up the deployment described in this guide, skip the steps you have already completed.

Step 1: Configure Company Information and Certificates

Step 2: Add an Access Policy

Step 3: Enable My Page

Step 4: Protect a Resource

Step 5: Test

Step 1: Configure Company Information and Certificates

This step is mandatory if you are deploying HTTP Federation Proxy, Trusted Header, or NTLM applications.

Procedure

  1. In the Cloud Administration Console, click My Account > Company Settings and select the Company Information tab.
  2. Enter the Protected Domain Name.

  3. Upload the following files:

    • The Private Key that matches the public certificate. Ensure that the private key is not password protected.
    • The Public Certificate that was issued from the certificate authority (CA) for your domain. Use a wildcard certificate.
    • The Certificate Chain that was provided by the CA, which is valid for your public certificate.

  4. Click Save Settings.
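
The checks below can be run on the three files before uploading them in step 3. This is an added example using the standard openssl command line, not part of the original guide; the file paths, the domain argument, and the assumption that the wildcard certificate must cover *.<Protected Domain Name> are illustrative.

```shell
#!/usr/bin/env bash
# Added example: pre-upload checks for the Step 1 files (paths are placeholders).

# The private key must load without a password.
key_is_unencrypted() {
  ! grep -q 'ENCRYPTED' "$1" &&
    openssl pkey -in "$1" -noout -passin pass: >/dev/null 2>&1
}

# The private key must match the public certificate (compare public keys).
key_matches_cert() {
  local from_key from_cert
  from_key=$(openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null) || return 1
  from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# The certificate must carry a wildcard SAN for the domain (assumption: *.<domain>).
cert_is_wildcard_for() {
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    grep -A1 'Subject Alternative Name' | tr ',' '\n' |
    sed 's/^ *//; s/ *$//' | grep -qxF "DNS:*.$2"
}

# The chain must verify the certificate; this also fails on an expired certificate.
# -partial_chain accepts a CA-provided chain that omits the root.
chain_validates() {
  openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1
}

# usage: preflight key.pem cert.pem chain.pem example.com
preflight() {
  local rc=0
  key_is_unencrypted "$1" || { echo "FAIL: key is password protected or unreadable"; rc=1; }
  key_matches_cert "$1" "$2" || { echo "FAIL: key does not match certificate"; rc=1; }
  cert_is_wildcard_for "$2" "$4" || { echo "FAIL: no wildcard SAN for *.$4"; rc=1; }
  chain_validates "$2" "$3" || { echo "FAIL: chain does not validate certificate"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: files are consistent"
  return "$rc"
}

# Run the checks only when all four arguments are supplied.
if [ "$#" -eq 4 ]; then preflight "$@"; fi
```

Because the uploaded private key is stored without a password, keep the local copy readable only by the administrator who handles it and remove temporary copies after the upload.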

Step 2: Add an Access Policy

Create an access policy that you will assign to SecurID My Page (a web portal used for authenticator registration) when you configure it. For simplicity, this access policy will not require additional authentication of users. You can change this policy in the future.

Perform these steps to add a policy using only required settings. If you want to set up a more complex policy, see Add an Access Policy.

Procedure

  1. Sign in to the Cloud Administration Console.
  2. Click Access > Policies.
  3. Click Add a Policy.
  4. Enter the name (for example, No Additional Authentication), and select the identity source.
  5. On the Rule Sets page, do the following:

    1. In Apply to, select All Users.
    2. In Access, specify Allowed.
    3. In Additional Authentication, select Not Required.

  6. Click Save and Finish.

  7. Click Publish Changes.

Step 3: Enable My Page

SecurID My Page is a web portal that helps provide a secure way for users to complete authenticator registration. Perform these steps to enable My Page for your company. If you want to configure advanced settings for My Page, see Manage My Page.

Procedure

  1. In the Cloud Administration Console, click Access > My Page.
  2. In the Self Service tab, enable Self-Service.

  3. Write down your My Page URL.
  4. In the Access Policy for Additional Authentication drop-down list, select the No Additional Authentication policy that you created earlier.

  5. In the Single Sign-On (SSO) tab, enable SSO Portal Settings.

  6. In the Primary Authentication Method drop-down list, select the authentication method to use.

  7. In the Access Policy for Additional Authentication drop-down list, select the No Additional Authentication policy that you created earlier.

  8. Click Save.

Step 4: Protect a Resource

The Application Catalog in the Cloud Administration Console provides connection templates for popular web applications such as Cisco WebEx, Salesforce, and Microsoft Outlook Web Access. These applications require minimal configuration to enable them for single sign-on (SSO) through the application portal. In the configuration wizard, select the preconfigured policy All Users Low Assurance Level as the access policy.

For instructions for all supported applications, see the SecurID category on RSA Ready.

You can also configure a custom application connection using one of the following connector templates: SAML Direct, HTTP Federation Proxy, or Trusted Headers.

Note: For HTTP Federation Proxy and Trusted Headers, Step 1 must be completed.

Step 5: Test

Register a Device with the SecurID Authenticate App

Perform these steps to quickly register a device. For additional information, see Registering Devices with SecurID Authenticate App.

Procedure

  1. On one device (for example, your computer), do the following:

    1. Go to SecurID My Page.
    2. Enter your email address.

    3. Enter your SecurID passcode or password, depending on what you configured.

    4. Complete any additional authentication that you are prompted for.

    5. Click SecurID Authenticate app > Get Started.

  2. On another device (iOS, Android, or Windows 10), download the SecurID Authenticate app.

  3. On your computer, on the Registration page, click Next.

  4. On your mobile device, do the following:

    1. Open the SecurID Authenticate app.

    2. Tap Allow to allow the Authenticate app to send notifications.

    3. Allow or deny Google Analytics data collection. You can select either option to use the Authenticate app.

    4. Accept the license agreement.

    5. Tap Scan QR Code.

    6. Allow the app to access your camera.

    7. Scan the QR code that displays in My Page.

    8. Tap OK after setup is complete.

    9. Swipe through the tutorial.

    10. The app home screen appears, and the app is ready for use.

  5. On your computer, on the Registration page, click Test Now.

  6. SecurID sends a notification to your registered device.

  7. On your mobile device, tap the notification and approve it.

  8. The My Page home screen displays. You have successfully registered and tested your device.

Sign In to the Protected Resource

Procedure

  1. Start the sign-in process to the protected resource.

    SecurID sends a notification to your phone.

  2. Tap Approve on your mobile device.

  3. Select Remember this browser, and click Continue.

    You are signed in to the resource.