After you save a properly configured IdP in Carbon Black App Control, you can use SAML to login.

A new button with your identity provider name appears on the Carbon Black App Control Login page.

The SAML Login option on the Carbon Black App Control login page

When a user clicks the SAML button, they are directed to the login page of the IdP. If they provide their correct credentials in the IdP, they are logged into the Carbon Black App Control Console as the user whose email address matches the one for the IdP account.

Users with one of the roles configured to allow local logins can click Log in with a different account and enter their Carbon Black App Control credentials to access the console.

A user who attempts a local login without having a User Role that allows this receives a login error that instructs them to use a valid user name and password.

Important: The IdP account you login with must have the same email address (specified through the EmailAddress or NameID value of the IdP) as a user in Carbon Black App Control. The identities are not matched by name. If the email address for the IdP account that a user logs in with does not match the email address of any Carbon Black App Control user, the login fails.