Configure RSA Cloud Authentication Service

1. Sign in to the RSA Cloud Administration Console with administrator credentials.
2. Enable SSO on the My Page portal by accessing the RSA Cloud Administration Console > Access > My Page > Single Sign-On (SSO). Ensure it is enabled and protected by two-factor authentication using a Password and Access Policy.
3. On the Applications > Application Catalog page, click on Create From Template.
4. On the Choose Connector Template page, click Select for SAML Direct.
5. On the Basic Information page, enter a name for the configuration in the Name field and click Next Step.
6. In the Connection Profile section, select IdP-initiated option.
7. Provide the Service Provider details in the following format:
   1. Assertion Consumer Service (ACS) URL: <tenantID. Splunkcloud.com>
   2. Service Provider Entity ID: <Entity Id>

8. In the SAML Request Protection section, select SP signs SAML requests and upload the certificate obtained from the Splunk Cloud platform.
9. In the SAML Response Protection section, select IdP signs assertion within response and select Override default signing key and certificate.
10. To generate the certificate, click Generate Cert Bundle and extract the generated folder. Upload the 'private.key' and 'cert.pem' files.
11. Under the User Identity section, select Show Advanced Configuration, then configure Identifier Type and Property as follows: 
    1. Identifier Type: Auto Detect 
    2. Property: Auto Detect

12. Under the Statement Attributes section, add the following attributes as shown in the figure:
    1. First Attribute
       1. Attribute Name: mail
       2. Attribute Source: Identity Source
       3. Property: mail
    2. Second Attribute:
       1. Attribute Name: role
       2. Attribute Source: Identity Source
       3. Property: virualGroups
    3. Third Attribute:
       1. Attribute Name: realName
       2. Attribute Source: Identity Source
       3. Property: userName

13. Choose your desired Access Policy for this application and click Next Step > Save and Finish.
14. On the My Applications page, click the Edit dropdown and select Export Metadata to download the metadata.
15. Click Publish Changes to save your settings. After publishing, your application will be enabled for SSO.

Configure Splunk Cloud

1. Log in to Splunk Cloud with admin credentials.
2. Navigate to Settings and select Authentication methods.
3. Select SAML radio button and click SAML Settings.
4. Select SAML Configuration.

5. Under SAML Configuration, download the SP Metadata File, upload the IdP Metadata file downloaded from the RSA platform, then click Apply.
   1. In General Settings, IdP details will be autofilled.
   2. Entity ID: Provide a unique ID or value used as the Service Provider entity ID in the RSA configuration (e.g., "SplunkEntityId").
   3. Select the Sign AuthnRequest checkbox.
   4. Under Advanced Settings, do the following:
      • Name Id Format: Select Email Address from the dropdown.
      • Fully qualified name or IP of the load balancer: Autopopulated.
      • Redirect port - load balancer port: 443.
      • Click Save.

6. Click New Group to create a new group.

7. Provide the Group Name, add the required Splunk and click Save.
8. Navigate to Settings > Authentication Methods and click Reload authentication configuration.

Notes:

1. Log in to Splunk Cloud.
2. Navigate to Settings > Authentication methods > SAML Settings > New Group to create a new group.
3. Ensure the Role attribute and Group are configured in Splunk Cloud.
4. On the RSA platform, go to Users > Management, search for and select the user.
5. RSA platform users must belong to a 'Group Membership' with the same group value as in Splunk Cloud 'Group' shown above.