This section describes how to integrate RSA SecurID Access with RSA Governance and Lifecycle using relying party. Relying party uses SAML to integrate RSA SecurID Access as a SAML Identity Provider (IdP) to RSA Governance and Lifecycle SAML Service Provider (SP).

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as a Relying Party to Governance and Lifecycle. 

Procedure

1. Sign in to RSA Cloud Administration Console.
2. Select the Authentication Clients > Relying Parties menu item at the top of the page.

3. Click the Add a Relying Party button on the My Relying Parties page.

4. Select the Add button for Service Provider SAML from the Relying Party Catalog.

5. On the Basic Information page, enter a Name for the Service Provider in the Name field

6. Click the Next Step button.
7. On the Authentication page, select SecurID Access manages all authentication.
8. From 2.0 Access Policy for Authentication dropdown list, select a policy that was previously configured.

9. On the connection profile section, click Enter Manually button.

10. Go to the Service Provider section and enter the following details:
    1. ACS URL: https://G&L domainname/aveksa/main
    2. Service Provider Entity ID: Same as ACS URL

11. On the Audience for SAML Response section, select the Default: Service Provider Entity ID option.

12. On the SAML Response Protection section, select IdP signs entire SAML response.
13. Click Download Certificate and save the certificate.
    Note: This certificate is required for SAML configuration in Governance and Lifecycle.

14. Go to the User Identity section and select the following details:
    1. Identifier Type – transient.
    2. Property – employeeID.

          Note: Property has to be mapped in Governance and Lifecycle portal.

15. Click Save and Finish.
16. Locate the application just created in Relying Parties page and click the dropdown arrow next to Edit > Metadata > Download Metadata File.
17. Click Publish Changes and wait for the operation to be completed.

18. After publishing, your application is now enabled for SSO. 

Configure G&L Relying Party

Perform these steps to integrate Governance and Lifecycle with RSA SecurID Access as Relying Party. 

Procedure

1. Sign in to Governance and Lifecycle with admin log in.

2. On the home page, navigate to Admin > system > Authentication.

3. Create the Authentication source as shown in the following format: 

1. 1. Authentication Source Name : RSA
   2. Type : SAML Authenticator
   3. Configuration properties Identity URL : copy the identity URL from RSA.

4. Download the certificate to upload in RSA configuration.
5. Click on Finish to complete the configuration.

Return to the main page for more certification related information.