Configure RSA Cloud Authentication Service

Procedure 

1. Enable My Page SSO by accessing the RSA Cloud Admin Console > Access  > My Page > Single Sign-On (SSO). Ensure it is enabled and protected using two-factor authentication - Password and Access Policy.

   

2.  On the Applications > Application Catalog page, click Create From Template.

3. Select SAML Direct.                                                                                                                                                                                                                   
4. On the Basic Information page, enter a name for the configuration in the Name field and click Next Step.   
5. In the Connection Profile section, click the IdP-initiated option.  
6. For providing Service Provider details select Import Metadata and click Choose File. Select the file which is downloaded from the Service Provider. Refer Configure Keeper Security section to obtain metadata file.  
7. Review the ACS URL and Service Provider Entity ID values that are auto populated.  

8. In the SAML Response Protection section, select IdP signs assertion within response.  
9. Download the certificate by clicking on Download Certificate.  
10. Select Show Advanced Configuration, under  the User Identity section select Auto Detect in the Identifier Type and Property from the options in the drop down list.                                                                                                                                                                       
11. Under the Statement Attributes section add the following Attribute.
12. Click Next Step.

13. Choose your desired Access Policy for this application and click Next Step > Save and Finish.

14. On My Applications page click on the dropdown and select Export Metadata to download the metadata.

15. Click Publish Changes. After publishing, your application is now enabled for SSO.

Configure Keeper Security

1. Login to Keeper Security admin console.
2. Click on Admin, under Node section click on Add Node.                                                                                                                                      
3. Provide a Name and click Add Node.                                                                                                                                                                                        

4. Under the Provisioning section, click Add Method.
5. Select Single Sign-On with SSO Connect Cloud and click Next.

6. Provide a Configuration Name and Enterprise Domain - typically this will be your company name, the Enterprise Domain name needs to be unique, and click Save.                                                                                                                                                                                                   

7. Under the Identity Provider section, click Browse Files and upload the metadata file downloaded from the RSA platform.

8. Go back to the Provisioning page by clicking the arrow.

9. Click View.                                                                                                                                                                                                                             

10. Click on Export Metadata to download the metadata file (this file will be used to configure the RSA platform).