This section describes how to integrate RSA SecurID Access with Atlassian Opsgenie using Relying Party. Relying party uses SAML 2.0 to integrate RSA SecurID Access as a SAML Identity Provider (IdP) to Atlassian Opsgenie SAML Service Provider (SP).

Architecture Diagram

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as a relying party SAML IdP to Atlassian Opsgenie .

Procedure

1. Sign into the RSA Cloud Administration Console and browse to Authentication Clients > Relying Parties and click Add a Relying Party.

2. From the Relying Party Catalog, select the +Add button for Service Provider SAML.

3. In the Basic Information section, enter a name and click Next Step.

4. In the Authentication section, do the following:

a. Under Authentication Details, select RSA SecurID Access manages all authentication.

b. Select appropriate primary and additional authentication methods.

c. Click Next Step.

5.On the next page, under Service Provider Metadata enter the following values:

1. Assertion Consumer Service (ACS) URL Enter the SP Assertion Consumer Service URL obtained from Step 6 of Configure Atlassian Opsgenie section.

2. Service Provider Entity ID - Enter the SP Entity ID obtained from Step 6 of Configure Atlassian Opsgenie section.

6. Select Default Service Provider Entity ID in Audience for SAML Response section.

7. In the Message Protection section, under SAML Response Protection, select IdP signs entire SAML response. Click Download Certificate and save the certificate.

8. Click Show Advanced Configuration.

9. Under User Identity section, select the following:

a. Identifier Type: Select Auto Detect.

b. Property: Select Auto Detect.

10. Click Save and Finish.

11. Click the Publish Changes button in the top left corner of the page, and wait for the operation to complete.

12. Navigate to Authentication Clients > Relying Parties and locate Atlassian in the list and from the Edit option, select Metadata and note the entityID and SingleSignOnService POST Location. This will be required in Step 4 of the Configure Atlassian Opsgenie section.

Configure Atlassian Opsgenie

Perform these steps to integrate Atlassian Opsgenie with RSA SecurID Access as a Relying Party SAML SP.

Note: Before proceeding, please make sure you have access to Atlassian Access, which is an organization level subscription that connects Atlassian cloud products to the Identity Provider. Also make sure :

a) Your organization is registered and verified in Atlassian Access.

b) Atlassian Opsgenie is configured in Atlassian Access.

Procedure

1. Log on to https://admin.atlassian.com as an administrator.

2. Select your organization, then click Security.

3. Select SAML single sign-on and then click on Add SAML configuration.

4.On the Add SAML configuration page, enter the following information:

a. Identity provider Entity ID: Enter the entityID from Step 12 of Configure RSA Cloud Authentication Service section.

b. Identity provider SSO URL: Enter the Identity Provider URL from Step 12 of Configure RSA Cloud Authentication Service section.

c. Public x509 certificate: Open the RSA SecurID Access public certificate downloaded from Step 7 of Configure RSA Cloud Authentication Service section in a text editor. Copy and paste the content of the certificate in this field.

5. Click Save configuration.

6. Once your have added the configuration successfully, you will be able to see the SP information. This information is required in Step 5 of Configure RSA Cloud Authentication Service section.

7. If you want to enforce SAML single sign-on to any policy for your organization, it can be done by checking Enforce single sign-on on that policy in Authentication policies page.

Configuration is complete.

For additional integrations, see "Configuration Summary" section.