Microsoft Azure Active Directory - IdP for My Page - RSA Ready Implementation Guide
Originally Published: 2023-10-10

This section describes how to configure Microsoft Azure Active Directory as an IdP for My Page.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA My Page as a service provider for Microsoft Azure Active Directory.

Procedure

  1. Sign in to the RSA Cloud Administration Console and browse to Users > Identity Providers.
  2. Click Add for Cloud Identity Providers.
  3. In the Name and Description section, enter a name for the identity provider and add an optional description.
  4. In the Configuration section, provide the following details.
    1. Issuer ID: Enter the value of the Azure AD Identifier provided by Microsoft Azure Active Directory under Single Sign-on > Set up.
    2. Issuer URL: Enter the value of the Login URL provided by Microsoft Azure Active Directory under Single Sign-on > Set up.
    3. Audience ID: Enter a value that the identity provider will insert into SAML assertions to indicate for whom the assertions are intended.
      The value is also used as the Entity ID in SAML requests sent to the identity provider.
    4. Assertion Consumer Service (ACS) URL: Displays the URL to which Microsoft Azure Active Directory will post SAML assertions for this service provider. You will enter it on the Azure side.
  5. In the Certificate section, click Choose File to upload the certificate that the Cloud Authentication Service uses to validate the assertion signature provided by Microsoft Azure Active Directory.
    This certificate can be downloaded from Microsoft Azure Active Directory under Single Sign-on > SAML Certificates.
  6. Navigate to Access > My Page and enable Self-Service.
    Users can use the URL displayed to access My Page.
  7. In the Access Policy for Authentication section, choose a policy that was configured earlier.
    The policy must have a Primary Authentication Method enabled, with the identity provider created above selected from the Default Method list.
    If additional authentication is needed, choose your preferred access policy for it.
  8. Ensure that:
    1. An identity source exists in RSA Cloud Authentication Service under Users > Identity Sources, or create a local identity source for testing purposes.
    2. New users are created in the local identity source.
      These users can access My Page.

Configure Microsoft Azure Active Directory

Perform these steps to configure Microsoft Azure Active Directory as the third-party IdP for My Page.

Procedure

  1. Sign in to the Microsoft Azure Active Directory Admin Console.
  2. In the left pane, click Enterprise applications.
  3. Click the plus icon for New Application and click Create your own application.
  4. On the Create your own application screen, enter a name for the app (My Page) and click Create.
    The new application properties page appears.
  5. On the Getting Started menu, click Set up single sign-on, and then choose SAML as the single sign-on method.
  6. In the Basic SAML Configuration section, click the edit icon and enter the Entity ID, which must match the Audience ID configured on the RSA side.
  7. Enter the ACS URL provided by RSA.
  8. In the SAML Certificates section, download the signing certificate, which needs to be uploaded to RSA as the IdP signing certificate.
  9. In the Set up section, copy the Login URL and enter it in the Issuer URL field, and copy the Azure AD Identifier and enter it in the Issuer ID field, in the RSA Cloud Administration Console. See step 2 in the previous section.
  10. In the left pane, click Users and Groups and choose the users in your organization to whom you want to give access to the application.
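The two procedures above copy three values between the consoles (the Azure AD Identifier as Issuer ID, the Audience ID as Entity ID, and the ACS URL) plus the IdP signing certificate. The following added example, which is not part of this guide or of either product, shows what those values are checked against once a SAML response arrives at the service provider: the Issuer, the Audience restriction, the Destination and the validity window of the assertion. The tenant identifier, Audience ID, ACS URL and the unsigned sample response are constructed placeholders. Signature verification with the certificate from step 5 is out of scope here and is noted in a comment.

```python
"""Check a SAML 2.0 Response against the trust values configured on the SP side.

Added example for this guide. All identifiers below are placeholders and the
response is hand-written, not captured from Azure AD.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Placeholder trust values (assumed for this example, not real tenant values).
# They stand for the fields the guide has you copy between the two consoles.
SP_CONFIG = {
    "issuer_id": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",  # Azure AD Identifier
    "audience_id": "urn:example:rsa-mypage",        # Audience ID on RSA = Entity ID on Azure
    "acs_url": "https://sp.example.com/saml/acs",   # ACS URL shown by RSA, entered on Azure
}

# Constructed, unsigned sample shaped like a SAML 2.0 Response.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" Version="2.0" IssueInstant="2023-10-10T12:00:00Z"
    Destination="https://sp.example.com/saml/acs">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2023-10-10T12:00:00Z">
    <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
    <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2023-10-10T11:55:00Z" NotOnOrAfter="2023-10-10T13:00:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>urn:example:rsa-mypage</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def parse_saml_time(value):
    """SAML timestamps are xsd:dateTime in UTC with a trailing Z; return tz-aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_response(xml_text, config, now, clock_skew=timedelta(seconds=60)):
    """Return a list of problems; an empty list means all trust values line up.

    `now` is an ISO-8601 UTC string such as "2023-10-10T12:05:00Z".
    Signature verification against the IdP certificate uploaded in step 5 is
    NOT implemented here; in a real SP it runs before any of these checks.
    """
    problems = []
    current = parse_saml_time(now)
    root = ET.fromstring(xml_text)

    # Destination must be the ACS URL the SP published.
    if root.get("Destination") != config["acs_url"]:
        problems.append(f"destination {root.get('Destination')!r} is not the configured ACS URL")

    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["response carries no assertion"]

    # Issuer must equal the Azure AD Identifier entered as Issuer ID.
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS)
    if issuer != config["issuer_id"]:
        problems.append(f"issuer {issuer!r} does not match configured Issuer ID")

    # The AudienceRestriction must name this SP's Audience ID / Entity ID.
    audiences = [
        a.text for a in assertion.findall(
            "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    ]
    if config["audience_id"] not in audiences:
        problems.append(f"audiences {audiences!r} do not include configured Audience ID")

    # Validity window, with a small allowance for clock skew between IdP and SP.
    conditions = assertion.find("saml:Conditions", NS)
    if conditions is not None:
        not_before = conditions.get("NotBefore")
        not_on_or_after = conditions.get("NotOnOrAfter")
        if not_before and current + clock_skew < parse_saml_time(not_before):
            problems.append("assertion is not yet valid")
        if not_on_or_after and current - clock_skew >= parse_saml_time(not_on_or_after):
            problems.append("assertion has expired")
    return problems


if __name__ == "__main__":
    print(check_response(SAMPLE_RESPONSE, SP_CONFIG, now="2023-10-10T12:05:00Z"))
    wrong_audience = dict(SP_CONFIG, audience_id="urn:example:other-sp")
    print(check_response(SAMPLE_RESPONSE, wrong_audience, now="2023-10-10T12:05:00Z"))
```

Running the block with the matching configuration yields no problems; changing any one of the copied values (for example the Audience ID, as the second call does) produces a mismatch, which is the usual cause of a "Configuration is complete" setup that still fails at sign-in.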


Configuration is complete.
