Okta - SAML Relying Party Configuration - RSA Ready Implementation Guide
9 months ago
Originally Published: 2021-11-07

This section describes how to integrate RSA Cloud Authentication Service with Okta using SAML Relying Party.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service

Procedure

  1. Sign in to RSA Cloud Administration Console.
  2. Navigate to Authentication Clients menu and select Relying Parties.

  1. In the Relying Party Catalog, select Add a Relying Party and click Add for Service Provider SAML.

  1. On the Basic Information page, enter the name for the application in the Name field and click Next Step.

  1. In the Authentication tab, select SecurID manages all authentication, Select a Primary Authentication Method and Access Policy as required and click Next Step.

  1. Under Data Input Method, click Import Metadata file from Okta to populate the Assertion Consumer Service URL value and Service Provider Entity ID.

  1. Under the Message Protection section, for SAML Response Protection:
    • Select IdP signs assertion with response.

  1. Scroll down to the User Identity section and select the following:
    1. Identifier Type – emailAddress
    2. Property – mail

  1. Identity Provider, same Entity ID is required to configure in the Okta configuration.

  1. Click Save and Finish.
  2. On the My Relying Parties page, click Edit Dropdown and select Metadata option to download the metadata.
  3. Click Publish Changes. After publishing, your application is now enabled for SSO.

The Configuration is complete.

OKTA Configuration

Perform these steps to configure OKTA.

Procedure

  1. Log in to Okta with the admin account, browse to the Security > Identity Providers  > Add Identity Provider.

  1. Select the Identity Provider as SAML 2.0 click on next.

  1. Provide the name details to configure General settings.

  1. Select IdP Usage as SSO only and select the checkbox for Account matching with Persistent Name ID.

  1. Provide details in the Account matching with IdP Username section.
    • Select the idpuser.subjectNameID from drop down for IDP username.
    • Match against field select the Email from drop down.
    • If no match is found select the check box Redirec to Okta Sign-in page.

  1. Provide the following details in the SAML Protocol Setting section:
    • IdP Issuer URI - Obtain from the metadata file downloaded from RSA.
    • IdP Single Sign-On URL - Obtain from the metadata file downloaded from RSA.
    • IdP Signature Certificate – Upload the downloaded certificate from RSA.
    • Request Binding – Select HTTP POST.

  1. Provide the details as shown in the following figure and click Finish.
    • Request Signature select the check box Sign SAML Authentication requests.
    • Request Signature Algorithm select the SHA-256 from the drop down list.
    • Destination Specify the destination RSA URL.

     8. Navigate to the Identity Providers section and click Add Routing Rule under the Routing rules tab.

    9. Provide the Rule name, select the IdP as Okta under IdPs, and click Create rule.

The configuration is complete.

Don't see what you're looking for?