Certified: August 25, 2023

Solution Summary

This section describes Microsoft Azure Active Directory integration with RSA (or ID Plus) to provide a Third-Party Identity Provider (IdP) authentication using SAML 2.0. 

Use Case

Microsoft Azure Active Directory can be integrated with RSA as an IdP for Cloud Authentication Service and My Page. 

Before you begin

• Make sure that all changes are correct and saved on the Microsoft Azure Active Directory side before saving any changes on the RSA side. When the changes are saved on the RSA side, the feature will be enabled and if it does not work, then all super administrators and administrators will be locked out. Enabling the authentication through a third-party IdP disables the regular password authentication by default.  The configuration must work through the IdP to gain access to the Cloud Administration Console.
• Before saving the changes on the RSA side, open a tab in your browser and log on to the Cloud Administration Console as a super administrator to create another session. You can use this session to increase the Inactivity Timeout (My Account > Company Settings > Sessions and Authentication) to ensure that the session does not time out before the configuration is complete (Make sure to change the setting back after the authentication has been tested). Additionally, you can use the second session to disable the changes on the RSA side if test authentications through third-party IdP fail. If the super administrators are unable to log on with Microsoft Azure Active Directory, then log a case with RSA Support to turn off the third-party IdP configuration so that you can log on again with the Cloud-based password.  Unless you need immediate Cloud Admin Console access to fix a production authentication down situation, the normal turnaround for such a change by RSA may be up to two business days.
• After this is successfully configured, if Microsoft Azure Active Directory becomes unavailable for some reason, then you will have no access to the Cloud Admin Console until Microsoft Azure Active Directory is available again. During a continued outage, you may contact RSA Support to turn off the third-party IdP feature on your tenant.

Configuration Summary

This section contains instruction steps that show how to configure Microsoft Azure Active Directory as an IdP for RSA Cloud Authentication Service and My Page portal.

This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products to install the required components.

All RSA and Microsoft Azure Active Directory components must be installed and working prior to the integration.

This section of the guide includes links to the appropriate sections for configuring both sides for each use case.

Integration Configuration

• Microsoft Azure Active Directory as an IdP for Cloud Authentication Service
• Microsoft Azure Active Directory as an IdP for My Page

RSA Terminology Changes

The following table describes the differences in the terminologies used in the different versions of RSA products and components. 

Known Issues

No known issues.

Certification Details

RSA Cloud Authentication Service

RSA My Page 

Microsoft Azure Active Directory