Jamf Pro - SAML My Page SSO Configuration - RSA Ready Implementation Guide
2 years ago
Originally Published: 2021-08-27
This article describes how to integrate Jamf Pro with RSA Cloud Authentication Service using My Page SSO.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service using My Page SSO.
Procedure
  1. Enable My Page SSO by accessing the RSA Cloud Administration Console > Access > My Page > Single Sign-On (SSO). Ensure it is enabled and protected using two-factor authentication - Password and Access Policy.                                                                               image.png
  2. On the Applications > Application Catalog page, click Create From Template.                                                                                    image.png
  3. Click Select for SAML Direct.                                                                                                                                                                            image.png
  4. On the Basic Information page, enter a name for the configuration in the Name field and click Next Step.                                                 image.png
  5. In the Connection Profile section, click the IdP-initiated option.                                                                                                                    image.png
  6. Provide the Service Provider details in the following format: 
    1. ACS URL: https://<JAMF_PRO_URL>.jamfcloud.com/saml/SSO
    2. Service Provider Entity ID: https://< JAMF_PRO_URL>.jamfcloud.com/saml/metadata.
      Refer to the Configure Jamf Pro section to obtain JAMF_PRO_URL.                                                                                               image.png
  7. In the SAML Response Protection section, choose IdP signs assertion within response.
  8. Download the certificate by clicking Download Certificate.                                                                                                                            image.png
  9. Click Show Advanced Configuration.
  10. Under the User Identity section, configure Identifier Type and Property. For example, Identifier TypeAuto Detect and PropertyAuto Detect.                                                                                                                                                                  image.png
  11. Under the Statement Attributes section, provide the Attribute Name as http://schemas.xmlsoap.org/claims/Group and map the Property as virtualGroups (the values of virtualGroups must be configured as groups in Jamf Pro).                                                         image.png
  12. Click Next Step.
  13. Choose your desired Access Policy for this application and click Next Step > Save and Finish.                                                               image.png
  14. On the My Applications page, click the Edit drop-down icon and select Export Metadata to download the metadata.                                image.png
  15. Click Publish Changes. Your application is now enabled for SSO.                                                                                                                image.pngimage.png

Notes

Example for Mapping Groups.
In the Jamf Pro application, under the Users section, select Smart User Groups and create a group by providing group name and permissions.
image.png  
In RSA, under the Management section for the user add the same group name in Group Membership field which you have created in the Jamf Pro application. 
image.png

Configure Jamf Pro

Perform these steps to configure Jamf Pro.
Procedure
  1. Log on to Jamf Pro with administrator credentials.
  2. Navigate to Settings and select Single sign-on.                                                                                                                                       image.png
  3. Click the Single Sign-On Authentication toggle button.                                                                                                                            image.png
  4. Scroll down to the Identity Provider section, select the Other option from the drop-down menu and provide a Name for the provider.   image.png
  5. Do the following:
    1. Copy the Entity ID that contains JAMF_PRO_URL, which can be used to construct ACS URL.
    2. Select the Metadata File option and upload the metadata downloaded from RSA.                                                                    image.png
  6. Scroll down to the User Mapping section and do the following:
    1. Select NameID under Identity Provider User Mapping.
    2. Select Email under Jamf Pro User Mapping.
    3. Copy the Identity Provider Group Attribute Name that is used for configuring User Attributes in RSA.                                      image.png
  7. Click Save.                                                                                                                                                                                                      image.png
The configuration is complete.
Return to Jamf Pro - RSA Ready Implementation Guide.

Related Articles

Trending Articles

Don't see what you're looking for?