Cisco ISE 3.2 - SAML My Page SSO Configuration - RSA Ready Implementation Guide

This section describes how to integrate Cisco ISE with RSA Cloud Authentication Service using My Page SSO.

Procedure

  1. Enable SSO Portal Settings on Cloud Administration Console > Access > My Page > Single Sign-On (SSO).
  2. Enable two factor authentication by using Password and Access Policy.
  3. In the Cloud Administration Console, click Applications > Application Catalog, search for Cisco ISE, and click Add.
  4. Choose Cloud in the Basic Information section.
  5. Under the Initiate SAML Workflow section, select the SP-initiated option. Import the Metadata that was collected in the Cisco ISE Admin GUI, then copy and paste the ACS URL into the Connection URL.
  6. In the Message Protection section, do not select the SP signs SAML requests checkbox. This option is not compatible because Cisco ISE does not send the Destination attribute in the SAML request.
  7. In the SAML Response Protection section, choose to Sign the SAML assertion only or the whole SAML response. You can also use your own certificate for signing and choose to override the default signing.
  8. Choose Encrypt Assertion if needed.
    Note: You can use the same certificate created in Step 7.
  9. In the User Identity section, select the NameID Identifier Type as emailAddress and Property as mail or UPN. You can optionally return the groups that the user is part of on Cisco ISE by mapping an attribute value to the virtualGroups property in the Statement Attributes section.
  10. Click Next Step.
  11. Choose your desired Access Policy for this application.
  12. Click Publish Changes.
  13. In the Portal Display section, do not select the Display in Portal check box because Cisco ISE does not support IdP-initiated SAML SSO.
  14. Click Next Step > Save and Finish and select Publish Changes.
  15. Browse to Applications > My Applications, search for the Cisco ISE application, expand options, and click Export Metadata.
  16. Open the Metadata file in a text editor such as Notepad, copy the entityID URL, and use it to replace both SingleSignOnService Binding URLs: the one for HTTP-Redirect and the one for HTTP-POST.
    Note: Ensure that all three URLs are the same.
  17. Sign in to Cisco ISE Admin GUI > Administration > System > Certificates > Trusted Certificates and click Import. Import the CA certificate(s) that correspond to the Certificate for SAML used in Step 7.
  18. Make sure to mark the Usage as shown in the image.
  19. Go to System Certificates and import the Certificate and Private key from Step 7. This helps you validate the SAML Response Signature and/or the Encrypted Assertion from RSA. Select SAML and click Submit.
  20. Go to Administration > Identity Management > SAML Id Providers > Choose your SAML Cloud SSO Application > Identity Provider Config. Import the edited Metadata file from Step 16.
  21. Click Save.
  22. Go to the Groups section and set the Groups value as in Step 9. Assign RBAC based on your needs.
  23. You can add more attributes if needed, but RSA must return them as in Step 9.
  24. In the Advanced Settings section, choose the Identity Attribute you need. For the Multi-value attributes, select “Each value in a separate XML element”.
    Note: You can sign the whole SAML response or only the assertion. You can also accept only Encrypted Assertions.
  25. Click Save.

Configuration is complete.
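
A scripted version of the Step 16 metadata edit, as an added example that is not part of the original guide or of any RSA or Cisco tooling: it sets both SingleSignOnService Location URLs to the entityID and lets you confirm that all three URLs match before importing the file in Step 20. The sample metadata, host names, and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
BINDINGS = {"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
            "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"}

# Constructed sample standing in for the exported file (placeholder hosts).
SAMPLE = f"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="{MD}" entityID="https://idp.example.test/saml-fe/sso">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Location="https://idp.example.test/redirect"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    <md:SingleSignOnService Location="https://idp.example.test/post"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def _sso_services(root):
    """Yield the SingleSignOnService elements for the two bindings in Step 16."""
    for svc in root.iter(f"{{{MD}}}SingleSignOnService"):
        if svc.get("Binding") in BINDINGS:
            yield svc


def distinct_urls(metadata_xml):
    """Return the set of entityID plus both SSO Locations (one item when aligned)."""
    root = ET.fromstring(metadata_xml.encode("utf-8"))
    return {root.get("entityID")} | {s.get("Location") for s in _sso_services(root)}


def align_sso_locations(metadata_xml):
    """Rewrite both SSO Locations to the entityID; return (new_xml, changed_bindings)."""
    ET.register_namespace("md", MD)  # keep the md: prefix when serializing
    root = ET.fromstring(metadata_xml.encode("utf-8"))
    entity_id = root.get("entityID")
    if root.tag != f"{{{MD}}}EntityDescriptor" or not entity_id:
        raise ValueError("not a SAML EntityDescriptor with an entityID")
    services = list(_sso_services(root))
    missing = BINDINGS - {s.get("Binding") for s in services}
    if missing:  # fail instead of importing a half-edited file into ISE
        raise ValueError(f"missing SingleSignOnService for: {sorted(missing)}")
    changed = []
    for svc in services:
        if svc.get("Location") != entity_id:
            svc.set("Location", entity_id)
            changed.append(svc.get("Binding").rsplit(":", 1)[-1])
    return ET.tostring(root, encoding="unicode"), changed
```

Run distinct_urls on the edited file before the import in Step 20; a result with more than one entry means the three URLs still differ.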

Last update: 2023-04-12 02:08 AM