This section describes how to integrate RSA SecurID Access with MyWorkDrive using relying party. Relying party uses SAML 2.0 to integrate RSA SecurID Access as a SAML Identity Provider (IdP) to MyWorkDrive SAML Service Provider (SP).

Architecture Diagram

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as a relying party SAML IdP to MyWorkDrive .

Procedure

1. Sign into the RSA Cloud Administration Console and browse to Authentication Clients > Relying Parties and click Add a Relying Party.

1. Click the Add a Relying Party button on the My Relying Parties page.

1. From the Relying Party Catalog select the +Add button for Service Provider SAML.

1. Enter a Name for the Service Provider in the Name field on the Basic Information page.

   

    

2. Click the Next Step button.

3. On the Authentication page, select RSA SecurID Access manages all authentication.

4. Select your access policy from the Access Policy for Additional Authentication drop-down menu.

   

    

5. Select Next Step.

6. For Connection Profile page's Service Provider Metadata section, enter the following information:

1. Assertion Consumer Service (ACS) URL Enter the Assertion Consumer Service (ACS) URL like https://YourMWDserver.yourdomain.com/SAML/AssertionConsumerService.aspx.

2. Service Provider Entity ID - MyWorkDrive.

1. Select Default Service Provider Entity ID in Audience for SAML Response section.

1. Copy the MyWorkDrive certificate from MyWorkDrive Server location C:\Wanpath\WanPath.Data\Settings\Certificates and click Choose File and attach it.

   

    

   1. Click Download Certificate. This certificate is required for Step 2 of Configure SAML in MyWorkDrive.

2. Click Show Advanced Configuration and configure User Identity with the following values:

1. Identity Type – Email Address

2. Property - mail

1. Click Save and Finish.

2. Click Publish Changes.

1. Navigate to Authentication Clients > Relying Parties and locate MyWorkDrive in the list and from the Edit option, select View or Download IdP Metadata. Locate the entityID from the metadata and copy it as it will be needed in Step 3 Configure SAML in MyWorkDrive.

Configure SAML in MyWorkDrive

Perform these steps to configure MyWorkDrive as a Relying Party SAML SP to RSA Cloud Authentication Service.

Please Note: Before proceeding, please ensure that the users are available in Active Directory with matching username UPN with users logging into RSA Cloud Authentication Service.

Procedure

1. Log into MyWorkDrive Server as administrator.

2. Navigate to C:\Wanpath\WanPath.Data\Settings\Certificates and place the RSA Cloud Authentication Service certificate downloaded in Step 11-a of Configure RSA Cloud Authentication Service section.

3. Update the SAML config located at C:\Wanpath\WanPath.Data\Settings to add <PartnerIdentityProvider> entry. In this case we used below:

   <PartnerIdentityProvider Name="https://rsa-sid-pe-01.auth-dev.securid.com/saml-fe/sso"

   Description="RSA Identity Provider"

   SignAuthnRequest="true"

   SingleSignOnServiceUrl="https://rsa-sid-pe-01.auth-dev.securid.com/saml-fe/sso"

   PartnerCertificateFile="C:\Wanpath\WanPath.Data\Settings\Certificates\IDPSigningCertificate.pem"/>

1. Name: Enter the entityID URL from Step 15 of Configure RSA Cloud Authentication Service section.
2. Description: Description for this config.
3. SignAuthnRequest: true.
4. SingleSignOnServiceUrl: Enter the entityID URL from Step 15 of Configure RSA Cloud Authentication Service section.
5. PartnerCertificateFile: Full file path of the certificate placed in Step 2 of this section.

Configuration is complete.

Return to the main page for more certification related information.