Pega Platform - SAML SSO Agent Configuration - RSA Ready SecurID Access Implementation Guide
Originally Published: 2021-12-01

This section describes how to integrate RSA SecurID Access with Pega Platform using a SAML SSO Agent.

Architecture Diagram

[Figure: architecture diagram]

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as an SSO Agent SAML IdP to Pega Platform. During configuration of the IdP you will need some information from the SP. This information includes (but is not limited to) Assertion Consumer Service URL and Service Provider Entity ID.

Procedure

    1. Sign in to the RSA Cloud Administration Console, browse to Applications > Application Catalog, click Create From Template, and select SAML Direct.

    2. On the Basic Information page, enter a name for the application in the Name field and click Next Step.

    3. Navigate to the Initiate SAML Workflow section.

        1. In the Connection URL field, enter the Assertion Consumer Service (ACS) location, which is available in Step 7 of the Configure SAML in Pega Platform section.

        2. Choose SP-Initiated.

    4. Scroll down to the SAML Identity Provider (Issuer) section.

        1. Identity Provider URL - <Automatically generated>

        2. Issuer Entity ID - <Automatically generated>

        3. Select Choose File and upload the private key.

        4. Select Choose File to import the public signing certificate.

    5. Scroll down to the Service Provider section.

        1. Assertion Consumer Service (ACS) - Enter the Assertion Consumer Service (ACS) location, which is available in Step 7 of the Configure SAML in Pega Platform section.

        2. Audience (Service Provider Entity ID) - Enter the Entity Identification, which is available in Step 7 of the Configure SAML in Pega Platform section.

    6. Scroll to the User Identity section and select the following values.

        • Identifier Type – Email Address

        • Identity Source – name of your user identity source

        • Property – mail

    7. Click Next Step.

    8. On the User Access page, select the Allow All Authenticated Users radio button.

    9. Click Next Step.

    10. On the Portal Display page, select Display in Portal.

    11. Click Save and Finish.

    12. Click Publish Changes.

    13. Navigate to Applications > My Applications, locate Pega in the list, and from the Edit option, select Export Metadata.

 

Configure SAML in Pega Platform

Perform these steps to configure Pega Platform as an SSO Agent SAML SP to RSA Cloud Authentication Service.

Procedure

  1. Log on to the Pega Platform Dev Studio.

  2. Navigate to Configure > Org & Security > Authentication > Create Authentication Service.

  3. Enter the following details:

    • Authentication Type: SAML 2.0

    • Name: Any name for this service

    • Short description: Any short description for this service.

  4. Click Create and open.

  5. On the Authentication Service form, enter an Authentication service alias. This becomes part of the URL of the SSO login.

  6. Click the Import IdP metadata link, select via file, and choose the IdP metadata downloaded in Step 13 of the Configure RSA Cloud Authentication Service section.

    • After the IdP metadata import, the Identity Provider (IdP) information is populated from the imported file.

  7. In the Service Provider (SP) settings section, copy the Entity Identification URL and the Assertion Consumer Service (ACS) location URL. These URLs are needed in Step 3 and Step 5 of the Configure RSA Cloud Authentication Service section.

    • Select the Disable request signing checkbox.

  8. Click Save.

 
