RSA Security Integration Guide

RSA Security allows you the ability to protect your business with products and solutions that help mitigate risk, increase information-security and governance, and remain compliant with security standards. With RSA you can detect, investigate, and remediate incidents with unprecedented precision and speed. RSA coupled with PagerDuty allows you to be automatically alerted when these incidents occur to reduce the amount of time it takes to resolve these incidents.

In RSA:

  1. In the RSA Via Access Administration Console, click the Applications tab, then click the + Add Custom Application button.

  2. From the list of applications, click +Add for the application that you wish to add. To add an application that is not in the list, click +Add Custom Application.

    1

  3. On the Basic Information page, specify the application name and click Next Step.

  4. Note: The following IDP-initiated configuration works for both IDP-initiated and SP- initiated connections.

  5. On the Connection Profile page, choose IDP-initiated and leave the Connection URL blank.2

  6. Scroll down to SAML Identity Provider (Issuer)

  7. Take note of the Identity Provider URL it will be needed later to configure PagerDuty.

    3

  8. Click Choose File and upload the RSA Via Access private key.

  9. Select the checkbox Include Certificate in Outgoing Assertion.

  10. Click Choose File and upload the cert.pem public certificate.4

  11. Scroll down to the Service Provider5a. In the Assertion Consumer Service (ACS) URL field, enter
    https://<your_instance>.pagerduty.com/sso/saml/consume
    b. In the Audience (Service Provider Entity ID) field, enter
    https://<your_instance>.pagerduty.com

  12. Scroll down to the User Identity Set the Identifier Type to Email Address and Property to mail.6

  13. Click Next Step.

  14. On the User Access page, select the desired user policy from the drop down list.7

  15. Click Next Step.

  16. On the Portal Display page, select Display in Portal.

  17. Click Save and Finish.

  18. Click Publish Changes. Your application is now enabled for SSO.8

In PagerDuty:

  1. In your account, under the Configuration tab, select Account Settings from the dropdown menu. 9

  2. Select the Single Sign-on tab on the right-side of the page.10

  3. Select the SAML radio button.

  4. Take note of the SAML Endpoint URL, this is the ACS URL on the RSA Via Access.11

  5. Paste the RSA Via Access 509 certificate into the window including the —Begin and End lines.

  6. Enter the Identity Provider URL from step 6 into the Login URL field.

  7. If you would like the users to still be able to login with their username and password that is not managed by RSA Via Access then check Allow Username/password login.

  8. Manually configure a user or check the Auto-provision users on first login.

  9. Click Save Changes.