Configure RSA Cloud Authentication Service

1. Sign in to the RSA Cloud Administration Console with administrator credentials.
2. Enable SSO on the My Page portal by accessing the RSA Cloud Administration Console > Access > My Page > Single Sign-On (SSO). Ensure it is enabled and protected by two-factor authentication using a Password and Access Policy.
3. On the Applications > Application Catalog page, click on Create From Template.
4. On the Choose Connector Template page, click Select for SAML Direct.
5. On the Basic Information page, enter a name for the configuration in the Name field and click Next Step.
6. In the Connection Profile section, select IdP-initiated option.
7. Provide the Service Provider details in the following format:
   1. Assertion Consumer Service (ACS) URL: https://<IPAddress or FQDN>/teampasswordmanager/index.php/login/samlacs
   2. Service Provider Entity ID: https://<IP address>/teampasswordmanager/index.php/login/samleid

8. In the SAML Response Protection section, select IdP signs assertion within response, and download the certificate by clicking Download Certificate.
9. Under the User Identity section, select Show Advanced Configuration, then configure Identifier Type and Property as follows: 
   1. Identifier Type: Auto Detect 
   2. Property: Auto Detect

10. Click Next Step.
11. Choose your desired Access Policy for this application and click Next Step > Save and Finish.
12. On the My Applications page, click the Edit dropdown and select Export Metadata to download the metadata.
13. Click Publish Changes to save your settings. After publishing, your application will be enabled for SSO.

Configure Team Password Manager

1. Log in to Team Password Manager as an administrator.
2. Go to Settings and select SAML Authentication, then click the Enable SAML Authentication button to enable SAML authentication.
3. Click Yes to enable SAML authentication.

4. Copy the Entity Id and Assertion Consumer Service URL for RSA configuration.
5. Click Edit Identity Provider SAML Settings button under the Identity Provider (IdP) Settings section to configure identity provider details.
6. Provide the following details and click Save. 
   1. Entity Id: Enter the value of entityID, obtainable from the metadata file downloaded from the RSA platform.
   2. Single Sign-on URL: Enter the value of SingleSignOnService, obtainable from the metadata file downloaded from the RSA platform.
   3. Certificate: Copy and paste the certificate downloaded from the RSA platform.

7. To convert a user to a SAML user, go to Users/Groups and then click on the user under Users section. 
8. Click Convert to SAML User.

9. Click Yes to confirm the conversion.

10. After converting the user to a SAML user, the SAML icon will appear.