Okta - IdP for My Page - RSA Ready Implementation Guide
10 months ago

This article describes how to configure Okta as an IdP for My Page.

  

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA My Page as a service provider for Okta.
Procedure

  1. Sign in to the RSA Cloud Administration console.
  2. Navigate to Access > My Page and ensure that the My Applications option is enabled. Users can use the displayed URL to access the self-service My Page portal.
  3. Create a 2.0 policy for authentication:
    1. Navigate to Access > Policies and click Add a Policy.
    2. On the Basic Information page, provide a policy name and click Next Step.
    3. Select the identity source that should be available for this policy and click Next Step.
    4. On the Primary Authentication page, enable the Primary Authentication option and select the Okta Identity Provider that is created.
       
    5. Click Next Step and make the desired changes on the Rule Sets tab.
    6. Click Save and Finish and click Publish Changes.
      Note: Use a placeholder method until Okta Identity Provider is configured by following the steps in the Adding Identity Provider subsection and then revisit to update the Default Method.
                

Assigning Policy for My Page 

  1. Go to Access > My Page > My Applications.
  2. Under the Authentication section, select the 2.0 access policy created before.
  3. Click Save and click Publish Changes.

  

Adding Identity Provider 

  1. Go to Users > Identity Providers and click Add for Cloud Identity Providers.
  2. Enter a name for the Okta provider and provide  the following details:
    1. In the Issuer ID field, enter the value of the Issuer ID provided by Okta: http://www.okta.com/AccountID. This is the value of Issuer copied from Okta.
    2. In the Issuer URL field, enter the value of the Sign-on URL copied from Okta
    3. In the Audience ID field, provide any value. This value is included by the identity provider in SAML assertions to indicate the intended recipient. The value is set as the Entity ID in SAML requests sent to the identity provider. We have given the hostname of the Cloud authentication service tenant along with “.com”.
    4. Copy the Assertion Consumer Service (ACS) URL and Audience ID to be used in the Okta configuration.
  3. In the Certificate section, click Choose File to upload a certificate that the Cloud Authentication Service uses to validate the assertion signature provided by Okta. This is the certificate downloaded from the Okta side. Refer to the Configure Okta section to obtain the certificate to validate the assertion signature.
  4. Ensure that an Identity source is created in RSA Cloud Authentication Service under Users > Identity Sources or create a local one for testing purposes. Create a new user in the local identity source. This user will be able to access the My Page portal.
  5. Click on Save and Finish and click Publish Changes.

  

Configure Okta

Perform these steps to configure Okta as the third-party IdP for My Page.

  1. Sign in to Okta Admin Console.
  2. In the left side panel, click Applications > Applications.
  3. Click Create App Integration
  4. Select SAML 2.0.
  5. In the General Settings section, enter a name for the application (My Page portal) and then click Next.
  6. Perform the following steps to create a new application in Okta.
    1. Provide the App name in the General Settings section and click Next.
    2. Provide random acceptable values for Single sign-on URL, Audience URI, and click Next.
    3. Select the This is an internal app that we have created checkbox and click Finish.
      Note: The values given in the preceding step are placeholder values in order to create the application in Okta and generate the values required for the configuration on RSA.
  7. Go to the Sign On tab of the created application and copy the values of Issuer and Sign on URL to be used in RSA configuration.
  8. Download the Signing Certificate. This will be used on the RSA side of the configuration.
  9. Go to the General tab of the created application and click edit on the SAML Settings.
  10. On the Configure SAML tab, provide the following details:  
    1. Single sign-on URL: Enter the value of ACS URL that was copied from RSA.
    2. Audience URI (SP Entity ID): Enter the value of the Audience ID that was copied from RSA.
    3. Name ID format: Set this to EmailAddress.
    4. Set the rest of the values to default values .
  11. Click Next.
  12. Select the This is an internal app that we have created checkbox.
  13. Click Finish.
  14. Assign the users who will be able to access the created application by performing the following steps. These are the users who will be able to log in to My Page after being authenticated by Okta.
    1. Click the Assignments tab on the newly created application.
    2. Click Assign > Assign to People.
    3. Search for the user and click Assign against the user.

 

The configuration is complete. The users can sign in to My Page and be authenticated by Okta.
Return to Okta - Third-Party IdP Integration - RSA Ready Implementation Guide.

    Don't see what you're looking for?