Atlassian Opsgenie - SAML SSO Agent Configuration - RSA Ready SecurID Access Implementation Guide
Originally Published: 2022-02-09

This section describes how to integrate RSA SecurID Access with Atlassian Opsgenie using a SAML SSO Agent.

Architecture Diagram

[Figure: architecture diagram]

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as an SSO Agent SAML IdP to Atlassian Opsgenie.

Procedure

1. Sign in to the RSA Cloud Administration Console, browse to Applications > Application Catalog, click Create From Template, and select SAML Direct.

2. On the Basic Information page, specify the application name and click Next Step.

3. In the Initiate SAML Workflow section:

a. Connection URL: Enter the SP Assertion Consumer Service URL obtained in Step 6 of the Configure Atlassian Opsgenie section.

b. Select the SP-initiated radio button.

4. In the SAML Identity Provider (Issuer) section:

a. Identity Provider URL: This is generated automatically.

b. Issuer Entity ID: This is generated automatically.

c. Click Generate Cert Bundle to generate and download a zip file containing the private key and certificate. Unzip the downloaded file to extract the certificate and private key.

d. Select the first Choose File and upload the RSA SecurID Access private key.

e. Select the second Choose File and upload the RSA SecurID Access public certificate.

5. In the Service Provider section:

a. Assertion Consumer Service (ACS) URL: Enter the SP Assertion Consumer Service URL obtained in Step 6 of the Configure Atlassian Opsgenie section.

b. Audience (Service Provider Entity ID): Enter the SP Entity ID obtained in Step 6 of the Configure Atlassian Opsgenie section.

6. In the User Identity section, select Email Address from the Identifier Type drop-down list, select the name of your user Identity Source, and select mail as the property value.

7. Scroll to the bottom of the page and click Next Step.

8. On the Access Policy page, select the access policy the identity router will use to determine which users can access the Atlassian Opsgenie service provider. Click Next Step.

9. On the Portal Display page, configure the portal display and other settings. Click Save and Finish.

10. Click Publish Changes in the top left corner of the page, and wait for the operation to complete.


Configure Atlassian Opsgenie

Perform these steps to integrate Atlassian Opsgenie with RSA SecurID Access as a SAML SSO Agent.

Note: Before proceeding, make sure you have access to Atlassian Access, an organization-level subscription that connects Atlassian cloud products to the Identity Provider. Also make sure that:

a) Your organization is registered and verified in Atlassian Access.

b) Atlassian Opsgenie is configured in Atlassian Access.

Procedure

1. Log on to https://admin.atlassian.com as an administrator.

2. Select your organization, then click Security.

3. Select SAML single sign-on, then click Add SAML configuration.

4. On the Add SAML configuration page, enter the following information:

a. Identity provider Entity ID: Enter the Issuer Entity ID from Step 4b of the Configure RSA Cloud Authentication Service section.

b. Identity provider SSO URL: Enter the Identity Provider URL from Step 4a of the Configure RSA Cloud Authentication Service section.

c. Public x509 certificate: Extract the certificate bundle downloaded in Step 4c of the Configure RSA Cloud Authentication Service section and open the RSA SecurID Access public certificate in a text editor. Copy the content of the certificate and paste it into this field.

5. Click Save configuration.

6. Once you have added the configuration successfully, the SP information is displayed. This information is required in Step 3 and Step 5 of the Configure RSA Cloud Authentication Service section.

7. To enforce SAML single sign-on for a policy in your organization, select Enforce single sign-on on that policy on the Authentication policies page.


Configuration is complete.
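
When a test login fails after these steps, the usual cause is a value that was copied inconsistently between the two consoles. The following is an added example, not code from RSA or Atlassian: it checks a base64-decoded SAML response from your own test login against the Issuer Entity ID (Step 4b), the SP Assertion Consumer Service URL and SP Entity ID (Step 6), and the email-address NameID chosen in the User Identity section. All URLs and the sample response are constructed placeholders, and the check does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed placeholder values; substitute the ones shown in your own consoles.
EXPECTED = {
    "issuer": "https://idp.example.test/issuer",    # Issuer Entity ID (RSA Step 4b)
    "acs_url": "https://sp.example.test/saml/acs",  # SP ACS URL (Opsgenie Step 6)
    "audience": "https://sp.example.test/saml/sp",  # SP Entity ID (Opsgenie Step 6)
}
# Constructed, unsigned sample response (already base64-decoded), for illustration only.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
 Destination="https://sp.example.test/saml/acs"><a:Assertion>
 <a:Issuer>https://idp.example.test/issuer</a:Issuer>
 <a:Subject><a:NameID>user@example.test</a:NameID><a:SubjectConfirmation>
  <a:SubjectConfirmationData Recipient="https://sp.example.test/saml/acs"/>
 </a:SubjectConfirmation></a:Subject>
 <a:Conditions><a:AudienceRestriction>
  <a:Audience>https://sp.example.test/saml/sp</a:Audience>
 </a:AudienceRestriction></a:Conditions></a:Assertion></p:Response>"""

def check_response(xml_text, expected):
    """Return the list of mismatches between a decoded response and the configured values."""
    root = ET.fromstring(xml_text)
    assertion = root.find("a:Assertion", NS)
    if assertion is None:  # e.g. an encrypted assertion or an error response
        return ["no plaintext Assertion element in response"]
    problems = []
    issuer = (assertion.findtext("a:Issuer", "", NS) or "").strip()
    if issuer != expected["issuer"]:
        problems.append(f"Issuer {issuer!r} != configured Issuer Entity ID")
    dest = root.get("Destination")  # optional attribute; must match when present
    if dest is not None and dest != expected["acs_url"]:
        problems.append(f"Destination {dest!r} != ACS URL")
    scd = assertion.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient") if scd is not None else None
    if recipient != expected["acs_url"]:
        problems.append(f"Recipient {recipient!r} != ACS URL")
    audiences = [e.text.strip() for e in assertion.iterfind(
        "a:Conditions/a:AudienceRestriction/a:Audience", NS) if e.text]
    if expected["audience"] not in audiences:
        problems.append(f"Audience {audiences!r} lacks SP Entity ID")
    name_id = (assertion.findtext("a:Subject/a:NameID", "", NS) or "").strip()
    if "@" not in name_id.strip("@"):  # Identifier Type is Email Address (mail)
        problems.append(f"NameID {name_id!r} is not an email address")
    return problems
if __name__ == "__main__":
    print(check_response(SAMPLE, EXPECTED) or "response matches configuration")
```

An empty list means the response agrees with the configured values; each string otherwise names the field to recheck in the corresponding step.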

For additional integrations, see the "Configuration Summary" section.