Federated Directory - SAML Relying Party Configuration RSA Ready Implementation Guide
Originally Published: 2023-07-28

This section describes how to integrate RSA Cloud Authentication Service with Federated Directory using SAML Relying Party.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as a Relying Party to Federated Directory.

Procedure

  1. Log on to RSA Cloud Administration Console.
  2. On the Authentication Clients menu, click Relying Parties.
  3. Click Add a Relying Party on the My Relying Parties page.
  4. In the Relying Party Catalog, select +Add for Service Provider SAML.
  5. On the Basic Information page, in the Name field, provide a name for the Service Provider.
  6. Click Next Step.
  7. On the Authentication page, click SecurID Access manages all authentication.
  8. In the Primary Authentication Method list, select your desired logon method as Password or SecurID.
  9. In the Access Policy list, select a policy that was previously configured.
  10. Click Next Step.
  11. Configure the connection profile for Federated Directory by selecting Enter Manually.
  12. Scroll down to the Service Provider Metadata section.
  13. Click Default Service Provider Entity ID.
  14. Click Download Certificate and save the content of the certificate to be used when configuring the service provider. Click IdP signs assertion within response.
  15. Configure User Identity for NAMEID mapping.

    Identity Type – Email Address

    Property – mail

  16. Click Save and Finish.
  17. On the top menu click Publish Changes.

Configure Federated Directory

Perform these steps to configure Federated Directory.

Procedure

  1. Log on to your Federated Directory account.
  2. Navigate to Directories, then click CREATE DIRECTORY.
  3. Provide your new directory a name and a short description, then click CREATE DIRECTORY.
  4. Go to the Settings tab and copy the Id value. This value will be used in the ACS URL, which will be added in RSA.
  5. Select the options of Federated Directory Accounts and SAML.
  6. Provide the IdP entity ID value generated in RSA by pasting it into the Login URL field.
  7. Paste the certificate value copied from the downloaded certificate (Step 14 of the previous section).
  8. Remove the begin certificate and end certificate lines (-----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) before pasting.

Notes

Creating a user for testing requires that the Federated Directory Accounts option is selected. To create the user, perform the following steps.

  1. Go to the Users tab and select CREATE USER.
  2. Set the same password as in RSA for testing purposes.
  3. To test the SP initiated flow, go to https://www.federated.directory/of/<your-company-name>

 

Configuration is complete.
