Certified: January 28, 2025 

Solution Summary

This guide describes the configuration steps involved in integrating Skyhigh End User Remediation flow with RSA Cloud Authentication service using SAML 2.0.
    

Use Case

Skyhigh End User Remediation flow can be integrated with RSA using My Page SSO and Relying Party. When integrated, users must authenticate with RSA to sign in to Skyhigh Security.
  

Integration Types 

My Page SSO provides Single-Sign-On (SSO) to Skyhigh users leveraging RSA self-service portal My Page. When integrated, users must authenticate with RSA to sign in Skyhigh. Modern Cloud-hosted SSO with My Page replaces the existing SAML SSO support with the IDR. Existing SSO integrations using IDR My Applications continue to be supported and will be listed in this document as applicable.

Note: RSA will continue to maintain existing SAML SSO integrations using IDR My Applications. At a to-be-determined future date, RSA will announce the end-of-life (EOL) date for the SAML SSO support with the IDR. For more information Available Now: My Page SSO Enhancements - RSA Community - 680715

SSO Agent integrations use SAML 2.0 or HFED technologies to direct users’ web browsers to RSA SecurID Access for authentication. SSO Agents also provide Single Sign-On to other applications using the RSA Application Portal.

Relying Party integration allows Skyhigh users’ web browsers to be automatically redirected to RSA Cloud Authentication Service for authentication. With Relying Party integration, Cloud Authentication Service can manage only additional authentication or both primary authentication (for example, user ID and password) and additional authentication.

Supported Features 

This section shows all the supported features by integration type and by RSA components. Use this information to determine which integration type and RSA component your deployment will use. The next section in this guide contains the instruction steps for how to integrate RSA with Skyhigh End User Remediation flow using each integration type. 
  

Skyhigh End User Remediation flow Integration with RSA Cloud Authentication Service

Authentication Methods	RSA MFA API (REST)	RADIUS	Relying Party	My Page SSO
Approve	-	-
LDAP Password	-	-
SecurID OTP	-	-
Authenticate OTP	-	-
Device Biometrics	-	-
SMS OTP	-	-
Voice OTP	-	-
FIDO Security Key	-	-
QR Code	-	-
Emergency Access Code	-	-

Skyhigh End User Remediation flow Integration with RSA Authentication Manager

	Supported
-	Not supported
n/t	Not yet tested or documented, but may be possible
n/a	Not applicable

Configuration Summary

This section contains instruction steps that show how to integrate Skyhigh End User Remediation flow with RSA using all of the integration types.
This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products to install the required components.
All RSA and Skyhigh Security components must be installed and working prior to the integration.
This section of the guide includes links to the appropriate sections for configuring both sides for each use case.
 

Integration Configuration

RSA Cloud Authentication Service

• Skyhigh End User Remediation Flow - SAML My Page SSO Configuration - RSA Ready Implementation Guide
• Skyhigh End User Remediation Flow - SAML Relying Party Configuration - RSA Ready Implementation Guide

RSA Terminology Changes

The following table describes the differences in the terminologies used in the different versions of RSA products and components. 

Certification Details

RSA Cloud Authentication Service
Skyhigh Security
  

Known Issues

IDP-initiated flow is not supported.