This article describes how to configure Cloud Access Service (CAS) using SAML Relying Party.

Configure CAS

Perform these steps to configure Articulate Reach 360 as a Relying Party to RSA ID Plus.

Procedure

1. Sign in to RSA Cloud Administration Console.
2. Select the Authentication Clients > Relying Parties menu item at the top of the page.

3. Click the Add a Relying Party button on the My Relying Parties page.

4. From the Relying Party Catalog select the Add button for Service Provider SAML.

5. Enter a Name for the Service Provider in the Name field on the Basic Information page.

6. Click the Next Step button.
7. On the Authentication page, select SecurID Access manages all authentication.
8. From 2.0 Access Policy for Authentication pulldown select a policy that was previously configured. Click Next Step.

9. In the connection profile section, choose Enter Manually for the Data Input Method.

10. Navigate to the Service Provider section and enter the following details:
    1. ACS URL: Provided from Articulate Reach 360 during the configuration.
    2. Service Provider Entity ID: Provided from Articulate Reach 360 during the configuration.

11. In the Message Protection >  SAML Response Protection section, select IdP signs assertion within response. Download the certificate by clicking Download Certificate.

12. Expand the Show Advanced Configuration section, scroll down to the User Identity section and select the following:
    1. Identifier Type – Auto Detect.
    2. Property – Auto Detect.

13. In the Statement Attributes section, configure the attributes “email”, “firstName” and “lastName” as these are required by Articulate Reach 360.
    1. email -> Identity Source -> mail
    2. firstName -> Identity Source -> giveName
    3. lastName -> Identity Source -> sn

14. In the Identity Provider section and take a note of the Entity ID. This will be used later in Articulate Reach 360 Configuration section.

15. Click Save and Finish.
16. Click Publish Changes and wait for the operation to be completed.

17. After publishing, your application is now enabled for SSO. 

The Configuration is complete.

Configure Articulate Reach 360

Perform these steps to configure Articulate Reach 360 with RSA SecurID as a Relying Party.

Procedure

1. Log in to your provided tenant with an admin account. https://<Your_org_tenant>.reach360.com
2. From the Manage menu, navigate to Settings.
3. Go to Single sign-on (SSO) authentication and click Configure SSO.

4. On the Configure Single Sign-On (SSO) Authentication page, enter the following details:
   1. IDP SSO URL: Entity ID obtained in step 14 in the RSA configuration section.
   2. IDP Issue URI: Entity ID obtained in step 14 in the RSA configuration section.
   3. IDP Signature Certificate: Copy and paste the downloaded certificate in step 11 in the RSA configuration section.
   4. Response Signature Verification: Choose Assertion from the dropdown menu to match the signing of RSA of the assertion.

5. Click Save & Continue to SAML Info.
6. On the Your Reach 360 SAML Information page, copy the Assertion Consumer Service URL and Audience URI, the 2 values will be used in their respective fields in step 10 in the RSA configuration section.

7. Click Done. SSO is now configured on Articulate Reach 360 side.

The Configuration is complete.