Add Cloud Identity Provider
You can add a SAML 2 identity provider as a Cloud identity provider to automatically provide authentication for users who access cloud applications, such as My Page.
Before you begin
- You must be a Super Admin in the Cloud Administration Console.
- A SAML 2-capable IdP must be available in your environment.
- Obtain the certificate.pem file from the IdP administrator. Cloud Access Service (CAS) uses this certificate to validate the signed assertion or response from the IdP.
Procedure
In the Cloud Administration Console, click Users > Identity Providers.
Under Cloud Identity Providers, click Add.
In the Name field, enter a name for the new IdP or leave the default name.
(Optional) In the Description field, enter a description for the identity provider.
In the Issuer ID field, enter the idp_id (IdP identifier) string. The Issuer ID string, sometimes called the IdP Entity ID, will be provided to you by the IdP administrator. An example string is 7k3hslw5u8pw2.
In the Issuer URL field, enter the URL to which RSA sends requests.
In the Audience ID field, enter the value that the identity provider inserts into SAML assertions to indicate who the assertions are intended for.
The Audience ID must be an alphanumeric string with no special characters. This value must match the Audience ID you specify on the SAML 2 identity provider.
In the Assertion Consumer Service (ACS) URL field, enter an ACS URL for the SAML 2 identity provider.
This value must match the ACS URL you specify on the SAML 2 identity provider. Use the following format: https://ServiceProvider.example.com/ecp_assertion_consumer.
(Optional) In the Requested Authentication Context field, enter the context (a set of rules that authentication must follow).
(Optional) In the Customize the text end users will see when authenticating using this Identity Provider field, enter the instructions that users can follow to authenticate. This text will appear on the Authentication page to guide users when they authenticate.
Select Sign Request if the service provider (RSA) signs the SAML request.
Selecting this option ensures that the IdP only accepts signed requests from the SP and rejects non-signed requests from the SP.
If you selected Sign Request, click Download Certificate to download the SAML request signing certificate for this IdP and securely send it to the IdP administrator.
Upload the certificate file you received from the IdP administrator (for example certificate.pem) to validate signed identity assertions from the IdP. Click Choose File. Select the certificate file you received from the IdP administrator, and click OK.
Select the Cloud IdP Icon to represent the identity provider in the application portal. Use the default icon, or click Change Icon to upload a different one.
Click Save and Finish to exit the wizard.
(Optional) Click Publish Changes to activate the settings immediately.
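A pre-flight check for the values this procedure asks for, as an added example that is not part of RSA's documentation: it checks the Audience ID and ACS URL formats described above, rejects a certificate file that contains anything other than certificates (for example a private key), and returns the SHA-256 fingerprint of each certificate so it can be compared with the IdP administrator over a separate channel before upload. The function names, the fingerprint comparison step, and the sample values are assumptions; the sample PEM wraps constructed placeholder bytes, not a real certificate.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def check_audience_id(value):
    """The procedure requires an alphanumeric string with no special characters."""
    return bool(re.fullmatch(r"[A-Za-z0-9]+", value))


def check_acs_url(value):
    """Require https, a host and a non-empty path, per the format in the procedure."""
    parts = urlsplit(value)
    return parts.scheme == "https" and bool(parts.hostname) and len(parts.path) > 1


def certificate_fingerprints(pem_text):
    """Return the SHA-256 fingerprint of every certificate in the PEM text."""
    blocks = PEM_BLOCK.findall(pem_text)
    if not blocks:
        raise ValueError("no PEM blocks found")
    prints = []
    for label, body in blocks:
        if label != "CERTIFICATE":  # e.g. PRIVATE KEY: must not be in this file
            raise ValueError(f"unexpected PEM block: {label}")
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der or der[0] != 0x30:  # DER certificates start with SEQUENCE
            raise ValueError("block is not DER-encoded ASN.1")
        digest = hashlib.sha256(der).hexdigest().upper()
        prints.append(":".join(digest[i:i + 2] for i in range(0, 64, 2)))
    return prints


# Constructed sample: placeholder DER bytes, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    # Constructed Audience ID; the ACS URL is the format given in the procedure.
    print(check_audience_id("cas01audience"), check_acs_url(
        "https://ServiceProvider.example.com/ecp_assertion_consumer"))
    print(certificate_fingerprints(SAMPLE_PEM))
```

To check a real file, pass the contents of certificate.pem to certificate_fingerprints and compare the result with the value the IdP administrator reads from their copy.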