Zimperium zConsole - SAML My Page SSO Configuration - RSA Ready Implementation Guide

This section describes how to integrate Zimperium zConsole with RSA Cloud Authentication Service using My Page SSO.

   
Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service using My Page SSO.
Procedure

  1. In the Cloud Administration Console, navigate to the Applications > Application Catalog page and click Create From Template.
  2. Click Select for SAML Direct.
  3. On the Basic Information page, choose Cloud and provide a Name for the application, for example, Zimperium ZConsole.
  4. On the Connection Profile page, provide the following as the Connection URL, using your Zimperium zConsole hostname in place of client-prefix-ZimperiumZConsole.zimperium.com:
    https://client-prefix-ZimperiumZConsole.zimperium.com/api/auth/saml/login
    Under Data Import Method, click Import Metadata and click Choose File. Import the client-prefix-ZimperiumZConsole_zimperium_com_saml_metadata.xml file that was previously downloaded from the Zimperium zConsole. The metadata file will configure all other necessary settings on the Connection Profile page.
  5. In the Service Provider section, provide the following details:
    1. ACS URL: https://hostname.Zimperium.com/api/auth/saml/sp
    2. Service Provider Entity ID: Same as ACS URL
      ACS URL and Entity ID are auto-populated when the metadata file is imported.
  6. Click Show IdP Advanced Configuration.
  7. Copy and save the Identity Provider Entity ID value (a default Entity ID for My Applications will be a URL). It will be used later when configuring the Zimperium zConsole in the next section.
  8. Click Next Step.
  9. On the User Access page, choose Allow All Authenticated Users for initial testing. Once it is confirmed, administrator users can sign in to the Zimperium zConsole from the My Page > My Applications without any additional restrictions.
  10. Click Next Step.
    The fulfillment service provisions users' access requests for applications and services.
  11. Click Save and Finish.
  12. Click Publish Changes.

  13. On the Applications > My Applications page, click the Edit icon for the Zimperium zConsole configuration, and select Export Metadata. When prompted, save the exported metadata file to your computer. The default file name will be applicationName-idp-metadata.xml.

    

Configure Zimperium zConsole

  1. Once the SSO configuration is enabled for your Zimperium zConsole, download the Zimperium ZConsole metadata file from: https://client-prefix-ZimperiumZConsole.zimperium.com/api/auth/saml/metadata
    where client-prefix-ZimperiumZConsole.zimperium.com is your new Zimperium ZConsole hostname.
    The downloaded metadata file is: client-prefix-ZimperiumZConsole_zimperium_com_saml_metadata.xml
  2. Create a test user in your Zimperium zConsole or choose an existing administrator to test.
  3. Click the cog icon in the upper-right corner, and then navigate to the Users menu.
  4. Configure RSA Cloud Authentication Service as explained in the Configure RSA Cloud Authentication Service section.
  5. In Zimperium zConsole, click the cog icon in the upper-right corner, and then navigate to the SSO menu.
    1. Entity ID: Set to the Identity Provider Entity ID copied from the application configuration in the Cloud Administration Console.
    2. Metadata: Use a text editor such as Notepad to open the metadata file that was downloaded while configuring the RSA Cloud Authentication Service. Copy the entire content of the file and paste it into the metadata field. 
    3. Choose SAML as the SSO Type.
    4. Keep the Disable Local Logins check box cleared. This allows administrators to continue to sign in with their existing Zimperium zConsole user ID and password. If Disable Local Logins is selected, administrators must sign in with SSO because it is the only option available.
    5. Click Save Configuration.

      SSO has been enabled. The Zimperium zConsole login screen now displays the Sign In with SSO button, which can be used to test SSO login with the new test user. Existing administrators can continue to use the Sign In button.
  6. Return to the SSO Configuration page and select the Disable Local Logins check box to force administrators to sign in with SSO.

     

    The configuration is complete.
