---
title: "Fortanix DSM with RSA SecurID Access"
slug: "using-fortanix-data-security-manager-with-rsa-secure-id-access"
updated: 2026-04-01T07:58:43Z
published: 2026-03-23T16:08:05Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://support.fortanix.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Fortanix DSM with RSA SecurID Access

## 1.0 Introduction

This article describes how to integrate**Fortanix-Data-Security-Manager (DSM)**with**RSA SecurID Access**using **SAML Relying Party** and **Single Sign-On**(**SSO) Agent** configuration.

- **Relying party** integrations use SAML 2.0 to integrate RSA SecurID Access as a SAML Identity Provider (IdP) to Fortanix DSM SAML Service Provider (SP).
- **SSO Agent** integrations use SAML 2.0 technology to direct users’ web browsers to Cloud Authentication Service for authentication. SSO Agents also provide Single Sign-On to other applications using the RSA Application Portal.

When integrated, the Fortanix DSM end users must authenticate with RSA SecurID Access to sign in.

It also contains the information that a user requires to:

- Configure RSA Cloud Authentication Service
- Configure Fortanix DSM

## 2.0 Architecture Diagram

![SecureIDRelyingParty_Arch.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/7032440329876.png)

**Figure 1: Architecture diagram for Fortanix DSM with relying party integration**

![SecureID_SSOAgentArch.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/7032444973716.png)

**Figure 2: Architecture diagram for Fortanix DSM with SSO agent integration**

## 3.0 Configure RSA Cloud Authentication Service

### 3.1 Add Relying Party

Perform the following steps to configure RSA Cloud Authentication Service as a relying party SAML IdP to Fortanix DSM:

1. Sign in to the RSA Cloud Administration Console and browse to **Authentication Clients** → **Relying Parties** and click **Add a Relying Party**.

![Add_Relying_Party.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/7032632393620.png)

**Figure 3: Add Relying Party**
2. In the **Relying Party Catalog**, click **Add**for**Service Provider SAML**.

![Service_Provider_SAML.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/7032634565268.png)

**Figure 4: Add service provider SAML**
3. In the **Basic Information** section, enter a name and click **Next Step**.

![Service_Provider_SAML1.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/7032674724116.png)

**Figure 5: Enter basic information**
4. In the **Authentication** section,

![AuthenticationDetails.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/7032677548820.png)

**Figure 6: Authentication details**
  - Under **Authentication Details**, select **SecurID Access manages all authentication**.
  - Select the appropriate primary and additional authentication methods.
  - Click **Next Step**.
5. On the **Service Provider**page:

![ServiceProvider1.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/17734336023700.png)

**Figure 7: Service provider metadata**
  - **Assertion Consumer Service (ACS) URL**: Enter the URL: `https://&lt;fortanix_dsm_url&gt;/saml`.
  - **Service Provider Entity ID** - Enter the URL: `https://&lt;fortanix_dsm_url&gt;/saml/metadata.xml`.
6. In **Audience for SAML Response** section, select **Default Service Provider Entity ID**.

![AudienceForSAML.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/7032852431892.png)

**Figure 8: Audience for SAML response**
7. In the **Message Protection** section, under **SAML Response Protection**section, select **IdP signs entire SAML response**.

![MessageProtection.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/7032868314644.png)

**Figure 9: Message protection**
8. Click **Show Advanced Configuration**.

![AdvancedConfig.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/7032856006676.png)

**Figure 10: Advanced configuration**
9. Under the **User Identity**section, select the following:

![UserIdentity.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/7032857727380.png)

**Figure 11: User identity details**
  1. **Identifier Type**: Select **Auto Detect**.
  2. **Property**: Select **Auto Detect**.
10. Click **Save and Finish**.
11. Click **Publish Changes** in the top left corner of the page and wait for the operation to complete.

![PublishChanges.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/7032872839060.png)

**Figure 12: Publish changes**
12. On the **My Relying Parties** page,

![MyRelyingParties.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/7032911381908.png)

**Figure 13: My relying parties**
  1. Select **Metadata** from the **Edit** drop down list to view and download an XML file containing your RSA SecurID Access IdP’s metadata.
  2. Click **Download Metadata File** in the **View or Download Identity Provider**Metadata page to download the file. A file named `IdpMetadata.xml` should be downloaded.

### 3.2 Add Single Sign-On Agent

Perform the following steps to configure RSA Cloud Authentication Service as an SSO Agent SAML IdP to Fortanix DSM:

1. Sign in to the RSA Cloud Administration Console and browse to **Applications** → **Application Catalog**.
2. Click **Create From Template** and select **SAML Direct**.

![CreateSAMLDirect.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/7032954065812.png)

**Figure 14: Choose SAML direct connector template**
3. On the **Basic Information** section, enter the application name and click **Next Step**.

![BasicInfo.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/7032972875284.png)

**Figure 15: Enter basic information**
4. In the **Initiate SAML Workflow** section,

![InitiateXAML1.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/17734356886676.png)

**Figure 16: Initiate XAML workflow**
  1. **Connection URL**: In the **Connection URL**field, enter the URL: `https://&lt;fortanix_dsm_url&gt;`.
  2. Select **SP-initiated**.
5. In the **SAML Identity Provider (Issuer)** section,

![SAML_IdP.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/7033052671252.png)

**Figure 17: SAML IdP**
  1. **Identity Provider URL**: This will be automatically generated.
  2. **Issuer Entity ID**: This will be automatically generated.
  3. Click **Generate Cert Bundle** to generate and download a zip file containing the private key and certificate. Unzip the downloaded file to extract the certificate and private key.
  4. For the **Private Key Loaded** field,****click **Choose File** and upload the RSA SecurID Access private key.
  5. For the **Certificate Loaded** field,****click **Choose File** and upload the RSA SecurID Access public certificate.
6. Under the **Service Provider** section,

![ServiceProvider1.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/17734336023700.png)

**Figure 18: Service provider details**
  1. **Assertion Consumer Service (ACS) URL**: Enter the URL: `https://&lt;fortanix_dsm_url&gt;/saml`.
  2. **Audience (Service Provider Entity ID)**: Enter the URL: `https://&lt;fortanix_dsm_url&gt;/saml/metadata.xml`.
7. Under **User Identity**section, select **Email Address** from the **Identifier Type** drop down list, select the name of your user **Identity Source** and select the **property** value as **mail**.

![UserID.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/7033113711380.png)

**Figure 19: User identity**
8. Scroll to the bottom of the page and click **Next Step**.
9. On the **User Access page**, select the access policy the identity router will use to determine which users can access the Fortanix service provider. Click **Next Step**.

![AccessPolicy.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/7033164471188.png)

**Figure 20: Access policy**
10. On the **Portal Display** page, configure the portal display and other settings. Click **Save and Finish**.
11. Click **Publish Changes** in the top left corner of the page and wait for the operation to complete.

![PublishChanges.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/7032872839060.png)

**Figure 21: Publish changes**
12. Navigate to **Applications** → **My Applications** and locate Fortanix in the list. Click **Edit** and then select **Export Metadata**.

## 4.0 Configure RSA SecurID Access in Fortanix DSM

Perform the following steps to integrate Fortanix DSM with RSA SecurID Access as a Relying Party SAML service provider or as a SAML SSO agent:

1. Log in to the Fortanix DSM using URL: `https://&lt;FORTANIX_DSM_URL&gt;/`.
2. In the Fortanix DSM user interface (UI), navigate to **Settings**→ **AUTHENTICATION**tab, and select **SINGLE SIGN-ON** as the authentication method.
3. Click **ADD SAML INTEGRATION** to add a new SAML integration.

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/SSO-Screen-1(2).png)

**Figure 22: Select SSO**
4. On the **Add SAML Integration** page,

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/Ping_Identity_SAML_Logo_URL(2).png)

**Figure 24: Customize SSO**
  1. Click **UPLOAD A FILE** to browse and upload the SAML file downloaded in the *Step 12*of [*Section 3.1: Add Relying Party*](/v1/docs/using-fortanix-data-security-manager-with-rsa-secure-id-access#31-add-relying-party) or**[*Section 3.2: Add Single Sign-On Agent*](/v1/docs/using-fortanix-data-security-manager-with-rsa-secure-id-access#32-add-sso-agent)*.*

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/Upload_File(1).png)

**Figure 23: Upload SAML metadata**
  2. In the **SSO Title** field, customize the SSO by adding a name in the **SSO Title** field and a URL for the logo image in the**Logo URL** field.
  3. Click **ADD INTEGRATION**.
5. After successfully integrating RSA Cloud Authentication Service as a relying party or an SSO agent, Fortanix DSM displays the configured SSO below:

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/RSA_SecurID_Configured.png)

**Figure 25: SAML IdP integrated**

## 5.0 Test the Integration

Perform the following steps to verify the SSO integration:

1. Log out of Fortanix DSM to sign in using SSO.
2. On the Fortanix DSM **Login**screen, click the **LOG IN WITH RSA SECURID ACCESS SSO**to log in using the newly added SSO configuration.

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/Ping_Identity_Login_DSM (1)(1).png)

**Figure 26: Sign in using SSO**
3. You will now be automatically logged in to Fortanix DSM and reach the Fortanix DSM accounts page.

Fortanix Data Security Manager (DSM) is the world’s first cloud service secured with Intel® SGX. With Fortanix DSM, you can securely generate, store, and use cryptographic keys and certificates, as well as other secrets such as passwords, API keys, tokens, or any blob of data. Your business-critical applications and containers can integrate with Fortanix DSM using legacy cryptographic interfaces (PKCS#11, CNG, and JCE) or using the native Fortanix DSM RESTful interface.

## Related

- [Fortanix DSM with Okta](/using-fortanix-data-security-manager-sso-with-okta.md)