Add Cloud Identity Provider
You can add a SAML 2 identity provider as a Cloud identity provider to automatically provide authentication for users who access cloud applications, such as My Page.
Before you begin
- You must be a Super Admin in the Cloud Administration Console.
- A SAML 2-capable IdP must be available in your environment.
- Obtain the certificate.pem file from the IdP administrator. Cloud Access Service (CAS) uses this certificate to validate the signed assertion or response from the IdP.
Procedure
In the Cloud Administration Console, click Users > Identity Providers.
Under Cloud Identity Providers, click Add.
In the Name field, enter a name for the new IdP or leave the default name.
(Optional) In the Description field, enter a description for the identity provider.
In the Issuer ID field, enter the idp_id (IdP identifier) string. The Issuer ID string, sometimes called the IdP Entity ID, will be provided to you by the IdP administrator. An example string is 7k3hslw5u8pw2.
In the Issuer URL field, enter the URL to which RSA sends requests.
In the Audience ID field, enter the value that the identity provider inserts into SAML assertions to indicate who the assertions are intended for.
The Audience ID must be an alphanumeric string with no special characters.
This value must match the Audience ID you specify on the SAML 2 identity provider.
In the Assertion Consumer Service (ACS) URL field, enter an ACS URL for the SAML 2 identity provider.
This value must match the ACS URL you specify on the SAML 2 identity provider.
Use the following format: https://ServiceProvider.example.com/ecp_assertion_consumer.
(Optional) In the Requested Authentication Context field, enter the context (a set of rules that authentication must follow).
(Optional) In the Customize the text end users will see when authenticating using this Identity Provider field, enter the instructions that users can follow to authenticate. This text will appear on the Authentication page to guide users when they authenticate.
Select Sign Request if the service provider (RSA) signs the SAML request.
Selecting this option ensures that the IdP only accepts signed requests from the SP and rejects non-signed requests from the SP.
If you selected Sign Request, click Download Certificate to download the SAML request signing certificate for this IdP and securely send it to the IdP administrator.
Upload the certificate file you received from the IdP administrator (for example certificate.pem) to validate signed identity assertions from the IdP. Click Choose File. Select the certificate file you received from the IdP administrator, and click OK.
Select the Cloud IdP Icon to represent the identity provider in the application portal. Use the default icon, or click Change Icon to upload a different one.
Click Save and Finish to exit the wizard.
(Optional) Click Publish Changes to activate the settings immediately.
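The Issuer ID, Audience ID and ACS URL entered in this procedure must match what the IdP actually sends, and a mismatch usually shows up only as a failed sign-in. The following is an added example, not RSA code: a pre-flight check that compares the wizard values with a decoded assertion supplied by the IdP administrator. The dictionary keys, the sample assertion and the audience value are constructed, and the check assumes the IdP puts the ACS URL in the standard SAML 2.0 Recipient attribute. It does not verify the signature, which CAS does with the uploaded certificate.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned, trimmed); all values are placeholders.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0">
  <saml:Issuer>7k3hslw5u8pw2</saml:Issuer>
  <saml:Subject>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData
          Recipient="https://ServiceProvider.example.com/ecp_assertion_consumer"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>CloudAudience01</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>
"""

def check_idp_settings(settings, assertion_xml):
    """Return a list of mismatches between wizard values and an assertion."""
    problems = []
    if not re.fullmatch(r"[A-Za-z0-9]+", settings["audience_id"]):
        problems.append("Audience ID is not a plain alphanumeric string")
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != settings["issuer_id"]:
        problems.append(f"Issuer {issuer!r} != Issuer ID {settings['issuer_id']!r}")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if settings["audience_id"] not in audiences:
        problems.append(f"Audience ID not in assertion audiences {audiences}")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if settings["acs_url"] not in recipients:
        problems.append(f"ACS URL not in assertion recipients {recipients}")
    return problems

if __name__ == "__main__":
    wizard = {"issuer_id": "7k3hslw5u8pw2", "audience_id": "CloudAudience01",
              "acs_url": "https://ServiceProvider.example.com/ecp_assertion_consumer"}
    for line in check_idp_settings(wizard, SAMPLE_ASSERTION) or ["all values match"]:
        print(line)
```

An empty result means the three values line up; each string in a non-empty result names the field to correct on either the IdP or the Cloud Administration Console side.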