This section describes how to integrate Federated Directory with RSA Cloud Authentication Service using IDR SSO.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service using IDR SSO.

Procedure

1. Log on to RSA Cloud Administration Console and browse to Applications > Application Catalog.
2. Click Create from Template, and select SAML Direct on the next window.
3. Choose Identity Router in the Basic Information section.
4. Provide the name and description and click Next Step.
   
5. Navigate to Initiate SAML Workflow section.
   

   In the Connection URL field, verify the default setting.

6. Choose IDP-initiated or SP-Initiated. Choose the applicable.
   
7. Scroll down to SAML Identity Provider (Issuer) section.
   
   
   1. Identity Provider URL is automatically generated.
   2. Issuer Entity ID is automatically generated.
   3. Select Choose File and upload the private key.
   4. Select Choose File to import the public signing certificate.
8. Scroll down to the Service Provider section and enter below details:
   1. Assertion Consumer Service (ACS) - https://api.federated.directory/v2/Login/Saml2/<Directory ID>/Acs
   2. Audience (Service Provider Issuer ID) – federated.directory/<Directory ID>
9. Scroll down to the user identity section and select the following:
   1. Identifier Type – Email Address
   2. Identity Source – select your user identity source.
   3. Property – mail
10. Click Next Step.
11. On the User Access page, select the access policy that the identity router will use to determine which users can access the application.
    
12. Click Next Step.
13. On the Portal Display page, configure the portal display and other settings.
14. Click Save and Finish.
15. Click Publish Changes.
    

Configure Federated Directory

Perform these steps to configure Federated Directory.

Procedure

1. Log on to your Federated Directory account.
2. Navigate to Directories, then click CREATE DIRECTORY.
   
3. Provide your new directory a name and a short description, then click CREATE DIRECTORY.
4. Go to the Settings tab and copy the Id value. This value will be used in the ACS URL which will be added in RSA.
5. Select the options of Federated Directory Accounts and SAML.
6. Provide the value of IdP entity id generated in RSA and paste it on the Login URL.
7. Paste the certificate value copied from the certificate generated (Step 7 of the previous section).
8. Remove the begin certificate and end certificate comment before pasting.
   

Notes

User creation for testing requires selecting the option of Federated Directory accounts. For creating the user, perform the following steps. 

1. Go to the Users tab and click CREATE USER.
   
2. Set the same password as in RSA for testing purposes.

To test  the SP initiated flow, go to https://www.federated.directory/of/<your-company-name>

Configuration is complete.

Return to main page .