Configure RSA Cloud Authentication Service

1. Sign in to RSA Cloud Administration Console.
2. Click Authentication Clients > Relying Parties.                                                                                                                                            
3. On the My Relying Parties page, click Add a Relying Party.                                                                                                                   
4. On the Relying Party Catalog page, click Add for Generic OIDC.                                                                                                             
5. On the Basic Information page, enter the name for the Service Provider in the Name field.
6. Click Next Step.
7. On the Authentication page, choose SecurID Access manages all authentication.
8. In the Primary Authentication Method list, select your desired login method as either Password or SecurID.
9. In the Access Policy list, select a policy that was previously configured.                                                                                                  
10. Click Next Step.
11. Under Connection Profile, provide the following details: 
    1. Authorization Server URL is auto-populated. 
    2. Redirect URL is obtained from 1Password (see next section).
    3. Provide a Client ID.
    4. Select Client Authentication Method as Not Selected.
    5. Provide the following scopes: openid, profile, and email (scopes should be added in advance. See Notes.)
    6. Provide the following claims: sub, name, and email (claims should be added in advance. See Notes.)                                            
12. Click Save and Finish.
13. Click Publish Changes.

Notes

1. To add scopes, click Access > OIDC Settings.                                                                                                                                        
2. Click the Scopes tab and add the following scopes.                                                                                                                     
3. Click Save Settings.
4. To add claims, click the Claims tab and add the following claims.                                                                                                              
5. Click Save Settings.
6. Click Publish Changes.

Configure 1Password

1. Sign in to 1Password admin console.
2. In the right pane, click Policies, and then click Configure Identity Provider.                                                                                                 
3. Select Other in the Identity Provider drop-down list and provide a valid name. 
4. Provide the following details from the configuration done on RSA Cloud Administration Console.
   1. Client ID: Client ID name given in the connector configuration on the RSA side.
   2. Well-known URL: Use the following URL. 
      https:// <your RSA tenant> /sso/oidc/.well-known/openid-configuration
5. Copy the Redirect URL and paste it into the connector created.
6. Save and publish the connector before proceeding to the next step.
7. Click Test Connection to verify the configuration. The user will be redirected to RSA where user details need to be provided. (This user should be configured on the RSA side). The connection should be successful.
8. Save the configuration.