Article Number
000037664
Applies To
RSA Product Set: SecurID Access
RSA Product/Service Type: RSA Cloud Authentication Service
Issue
This article explains how to integrate the RSA Cloud Authentication Service as an Identity Provider for
KnowBe4 using SAML SSO.
Resolution
After contacting KnowBe4 customer support to enable SAML for your account, complete the steps below.
- Log into your Cloud Administration Console.
- Navigate to Applications > Application Catalog.
- Click Create From Template and select SAML Direct.
- In the Basic Information section, give a name to your new application and click Next Steps.
- In the Connection Profile section, make sure you follow these configuration requirements:
- Binding Method should be IdP-Initiated.
- Copy the Identity Provider URL and provide it to KnowBe4 support.
- Find the SAML Response Signature certificate SHA1 Fingerprint and provide it to KnowBe4.
- Make sure that Include Certificate in Outgoing Assertion is checked.
- For the ACS URL, use the SAML Callback URL found in your KnowBe4 Account Settings. That is,
- For Service Provider Entity ID, use KnowBe4 (note that this string is case sensitive).
- For NameID, Identifier Type select Email Address and for Property select mail.
- Click Show Advanced Configuration to expand that section.
- Under Attribute Extension, make sure that Attribute Name is not left empty.
- Under Sign Outgoing Assertion, select Assertion within response.
- Click Next Steps.
- In the User Access section, choose Allow all authenticated users or select an Access Policy.
- Click Next Steps.
- Change the icon and add an Application Tooltip if you want.
- Click Save and Finish.
- Click Publish Changes.
