Configure RSA Cloud Authentication Service

1. Enable My Page SSO by accessing the RSA Cloud Administration Console > Access > My Page > Single Sign-On (SSO). Ensure it is enabled and protected using two-factor authentication - Password and Access Policy.                                                                                       
2. On the Applications > Application Catalog page, search for HelpScout and click Add to add the connection.                                          
3. On the Basic Information page, enter a name for the configuration in the Name field and click Next Step.                                                  
4. On the Connection Profile page, click the IdP-initiated option.                                                                                                                      
5. Provide the Service Provider details in the following format: 
   1. ACS URL: https://helpscout.auth0.com/login/callback?connection=<Company Name>171220-sso-saml.
   2. Service Provider Entity ID: urn:auth0:helpscout:<Company Name>171220-sso-saml.
      Refer to the Configure Help Scout section to obtain the ACS URL and Entity ID.                                                                            
6. In the SAML Response Protection section, choose IdP signs assertion within response.
7. Download the certificate by clicking Download Certificate.                                                                                                                             
8. Click Show Advanced Configuration.
9. Under the User Identity section, configure Identifier Type and Property. For example, Identifier Type: Auto Detect and Property: Auto Detect.                                                                                                                                                                 
10. Under the Statements Attributes section, add the attribute that is shown in the following figure.                                                             
11. Click Next Step.
12. Choose your desired Access Policy for this application and click Next Step > Save and Finish.                                                              
13. On the My Applications page, click the Edit drop-down icon and select Export Metadata to download the metadata.                      
14. Click Publish Changes. Your application is now enabled for SSO.                                                                                                                

Configure Help Scout

1. Log on to Help Scout with administrator credentials - https://secure.helpscout.net/members/login/.
2. Navigate to Manage > Company.                                                                                                                                                               
3. Under the Company section, select Authentication.                                                                                                                                   
4. Click the Enable SAML toggle button and provide the following details:
   1. Single Sign-On URL - The SingleSignOnService value that can be obtained from the metadata file downloaded from RSA.
   2. X.509 Certificate - Upload the certificate downloaded from RSA.                                                                                     
5. Click Test Connection and click Save.                                                                                                                                                           
6. Scroll down to copy ACS URL and Entity ID. These two values will be used in the RSA configuration.