This section describes how to integrate RSA SecurID Access with MyWorkDrive using a relying party. The relying party integration uses SAML 2.0, with RSA SecurID Access acting as the SAML Identity Provider (IdP) for the MyWorkDrive SAML Service Provider (SP).
Architecture Diagram
Perform these steps to configure RSA Cloud Authentication Service as a relying party SAML IdP to MyWorkDrive.
Procedure
Sign in to the RSA Cloud Administration Console, browse to Authentication Clients > Relying Parties, and click Add a Relying Party.
Click the Add a Relying Party button on the My Relying Parties page.
From the Relying Party Catalog select the +Add button for Service Provider SAML.
Enter a Name for the Service Provider in the Name field on the Basic Information page.
Click the Next Step button.
On the Authentication page, select RSA SecurID Access manages all authentication.
Select your access policy from the Access Policy for Additional Authentication drop-down menu.
Select Next Step.
In the Service Provider Metadata section of the Connection Profile page, enter the following information:
Assertion Consumer Service (ACS) URL - Enter the ACS URL, for example https://YourMWDserver.yourdomain.com/SAML/AssertionConsumerService.aspx.
Service Provider Entity ID - MyWorkDrive.
Copy the MyWorkDrive certificate from the MyWorkDrive server location C:\Wanpath\WanPath.Data\Settings\Certificates, then click Choose File and attach it.
Click Download Certificate. This certificate is required for Step 2 of Configure SAML in MyWorkDrive.
Click Show Advanced Configuration and configure User Identity with the following values:
Identity Type - Email Address
Property - mail
Click Save and Finish.
Click Publish Changes.
Perform these steps to configure MyWorkDrive as a Relying Party SAML SP to RSA Cloud Authentication Service.
Note: Before proceeding, ensure that the users exist in Active Directory with a username (UPN) that matches the users logging in to RSA Cloud Authentication Service.
Procedure
Log in to the MyWorkDrive server as administrator.
Navigate to C:\Wanpath\WanPath.Data\Settings\Certificates and place there the RSA Cloud Authentication Service certificate downloaded in Step 11-a of the Configure RSA Cloud Authentication Service section.
Update the SAML config located at C:\Wanpath\WanPath.Data\Settings to add a <PartnerIdentityProvider> entry. In this case we used the following:
<PartnerIdentityProvider Name="https://rsa-sid-pe-01.auth-dev.securid.com/saml-fe/sso"
Description="RSA Identity Provider"
SignAuthnRequest="true"
SingleSignOnServiceUrl="https://rsa-sid-pe-01.auth-dev.securid.com/saml-fe/sso"
PartnerCertificateFile="C:\Wanpath\WanPath.Data\Settings\Certificates\IDPSigningCertificate.pem"/>
Configuration is complete.
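One way to check the entry after editing, as an added example that is not part of the original guide or of any MyWorkDrive or RSA tooling: the PowerShell function below (hypothetical name Test-PartnerIdentityProvider) lints each <PartnerIdentityProvider> element against the settings used above. The sample XML, its wrapper element and its hostnames are constructed placeholders.

```powershell
# Added example: lint <PartnerIdentityProvider> entries in a SAML config.
function Test-PartnerIdentityProvider {
    param(
        [Parameter(Mandatory)] [xml]$Config,
        [switch]$SkipCertificateFile   # use when linting a copy away from the server
    )
    # local-name() matches whether or not the file declares a default namespace
    foreach ($idp in $Config.SelectNodes("//*[local-name()='PartnerIdentityProvider']")) {
        $findings = @()
        $thumbprint = $null
        $sso = $idp.GetAttribute('SingleSignOnServiceUrl')
        if ($sso -notmatch '^https://') {
            $findings += "SingleSignOnServiceUrl is not HTTPS: '$sso'"
        }
        if ($idp.GetAttribute('SignAuthnRequest') -ne 'true') {
            $findings += 'SignAuthnRequest is not "true" as configured in this guide'
        }
        $certPath = $idp.GetAttribute('PartnerCertificateFile')
        if (-not $certPath) {
            $findings += 'PartnerCertificateFile is not set'
        } elseif (-not $SkipCertificateFile) {
            if (-not (Test-Path -LiteralPath $certPath -PathType Leaf)) {
                $findings += "Certificate file not found: $certPath"
            } else {
                $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certPath)
                if ($cert.NotAfter -lt (Get-Date)) {
                    $findings += "IdP certificate expired on $($cert.NotAfter)"
                }
                # Compare with the thumbprint of the certificate downloaded from RSA
                $thumbprint = $cert.Thumbprint
            }
        }
        [pscustomobject]@{ Name = $idp.GetAttribute('Name'); Thumbprint = $thumbprint; Findings = $findings }
    }
}

# Constructed sample: wrapper element and hostnames are placeholders
[xml]$sample = @'
<Config>
  <PartnerIdentityProvider Name="https://idp.example.com/saml-fe/sso"
      SignAuthnRequest="true"
      SingleSignOnServiceUrl="https://idp.example.com/saml-fe/sso"
      PartnerCertificateFile="C:\Wanpath\WanPath.Data\Settings\Certificates\IDPSigningCertificate.pem"/>
  <PartnerIdentityProvider Name="http://idp.example.com/sso"
      SignAuthnRequest="false" SingleSignOnServiceUrl="http://idp.example.com/sso"/>
</Config>
'@
Test-PartnerIdentityProvider -Config $sample -SkipCertificateFile | Format-List
```

On the server, load the real file with `[xml](Get-Content -Raw -LiteralPath <path to the SAML config>)` and omit -SkipCertificateFile so the certificate file is read and its expiry and thumbprint are reported.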