Symantec Privileged Access Manager - SAML My Page SSO Configuration - RSA Ready Implementation Guide

This article describes how to configure Symantec Privileged Access Manager with Cloud Access Service (CAS) using My Page SSO.


Configure CAS

Perform these steps to configure CAS using My Page SSO.

Procedure

  1. Sign in to RSA Cloud Administration Console and browse to Applications > Application Catalog.
  2. Click Create from Template and click Select for SAML Direct.
  3. On the Basic Information page, choose Cloud.
  4. Enter the name for the application and click Next Step.
  5. On the Connection Profile page, navigate to the Initiate SAML Workflow section and choose IdP-initiated.
  6. Specify the following details from Symantec Privileged Access Manager.
    1. Assertion Consumer Service (ACS) URL: https://hostname.SymantecPAM/idp/profile/SAML2/POST/SSO
    2. Service Provider Entity ID: Unique in both CAS and Symantec Privileged Access Manager.
  7. Scroll down to the Identity Provider section.
  8. Make a note of the Identity Provider URL, as it is needed for the Symantec Privileged Access Manager configuration.
  9. Under the Message Protection section, for SAML Response Protection:
    1. Select the certificate downloaded from Symantec Privileged Access Manager.
    2. Choose IdP signs assertion within response.
  10. Scroll down to the User Identity section and select the following:
    1. Identifier Type: emailAddress
    2. Property: mail
  11. Click Next Step and select the configured policy.
  12. On the Portal Display page, select Display in Portal and click Next Step.
  13. Configure the Fulfillment details as per your organization's policy.
  14. On the My Applications page, locate the application you created, click the drop-down arrow next to Edit, and choose Export Metadata.
  15. Click Publish Changes. After publishing, your application is enabled for SSO.


Configure Symantec Privileged Access Manager

Perform these steps to configure Symantec Privileged Access Manager.

Procedure

  1. Log in to Symantec Privileged Access Manager with the admin account.
  2. Browse to Configuration > Security > SAML and provide the following details under SP Configuration.
    1. Entity ID: The same unique value you entered as the Service Provider Entity ID in CAS.
    2. Fully Qualified HostName: Specify the CAS hostname here.
    3. Certificate Key Pair: gkcert.crt. This is the certificate you download in step 5 and select in the CAS SAML Response Protection setting.
  3. Navigate to Configured Remote SAML IDP and upload the IDP metadata file exported from CAS (RSA).
  4. Click Save to complete the SAML configuration.
  5. Navigate to Configuration > Security > Certificates > Download from Filename and select the certificate to download it. This certificate is used in the CAS configuration.

The configuration is complete.
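Before publishing, it is worth checking that the SP metadata exported from Symantec Privileged Access Manager carries the same Entity ID, HTTP-POST ACS URL and emailAddress NameID format that were entered in CAS. The following script is an added example, not part of the RSA Ready guide or either product; the metadata it parses is a constructed sample, and the entity ID `symantec-pam-sp` is hypothetical (the ACS URL is the guide's placeholder).

```python
"""Sanity-check SAML SP metadata against the values entered in CAS (added example)."""
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed SP metadata with a hypothetical entity ID; the ACS URL is the
# guide's placeholder. Real metadata comes from the PAM export.
SAMPLE_SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="symantec-pam-sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>{EMAIL_FORMAT}</md:NameIDFormat>
    <md:AssertionConsumerService Binding="{POST_BINDING}"
        Location="https://hostname.SymantecPAM/idp/profile/SAML2/POST/SSO" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text, expected_entity_id, expected_acs):
    """Return a list of mismatches between the SP metadata and the CAS settings."""
    root = ET.fromstring(xml_text)
    problems = []
    entity_id = root.get("entityID")
    if entity_id != expected_entity_id:
        problems.append(f"entityID {entity_id!r} != CAS Service Provider Entity ID {expected_entity_id!r}")
    sp = root.find(f"{{{MD}}}SPSSODescriptor")
    if sp is None:
        return problems + ["no SPSSODescriptor element"]
    # Only HTTP-POST ACS endpoints matter; that is the binding the guide's ACS URL uses.
    acs = [e.get("Location") for e in sp.findall(f"{{{MD}}}AssertionConsumerService")
           if e.get("Binding") == POST_BINDING]
    if expected_acs not in acs:
        problems.append(f"HTTP-POST ACS {acs} does not include {expected_acs!r}")
    if any(not (u or "").startswith("https://") for u in acs):
        problems.append("an ACS URL is not https; the SAML response would travel in clear")
    # CAS is configured to send emailAddress, so the SP should advertise it.
    formats = [e.text for e in sp.findall(f"{{{MD}}}NameIDFormat")]
    if EMAIL_FORMAT not in formats:
        problems.append("SP does not advertise the emailAddress NameID format")
    return problems


if __name__ == "__main__":
    issues = check_sp_metadata(SAMPLE_SP_METADATA, "symantec-pam-sp",
                               "https://hostname.SymantecPAM/idp/profile/SAML2/POST/SSO")
    print("OK" if not issues else "\n".join(issues))
```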