To add Carbon Black App Control as a Service Provider for an identity provider, perform the following procedure.

In SAML terminology, Carbon Black App Control is a Service Provider. An identity provider (IdP) and a Service Provider must establish a trust relationship to work together, and the key step in establishing that trust is exchanging XML metadata with each other. The following procedure requires that you log in to both your IdP and your Carbon Black App Control Console.


  1. Log in to your identity provider’s website, or if you have not yet activated an IdP, create an account with one.
  2. Go to the page where your provider allows you to add a new service provider.
  3. Where prompted, enter the name (FQDN) for your Carbon Black App Control Server. For example: cbpserver1.myorg.local.
  4. Select one of the following attributes to map IdP accounts to existing Carbon Black App Control Console accounts. In either case, the data used for mapping must include an email address that matches an existing console account:
    • Use NameID in the following format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress and provide the NameID Attribute that identifies email addresses on your IdP

      - or -

    • Use an attribute with name EmailAddress (capitalized as shown). If you provide EmailAddress, it is always used for mapping, even when there is no matching Carbon Black App Control Console account.

  5. Log in to the Carbon Black App Control console. Click the Configuration (gear) icon in the console menu, and click System Configuration.
  6. Click the SAML Login tab.
    The SAML Configuration page
  7. In the Service Provider section, do one of the following:
    • In the Service Provider XML field, click the Click here link to download the Service Provider XML.


    • Click the Select all button and copy the XML from the window.
  8. Go to your IdP page for configuring a Service Provider and follow the instructions for importing or pasting the Carbon Black App Control XML.
  9. Enter any other information required by the IdP site, and when finished, submit or save your Service Provider information.
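
The mapping rules in step 4 can be checked against a test assertion captured from your IdP before users depend on the login. The following Python is an added example, not Carbon Black or IdP code: the `sample` builder, the account list and the case-insensitive comparison are assumptions, and it inspects an assertion without verifying its signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def mapping_value(assertion_xml):
    """Return (source, email) that the step 4 rules select, or (None, None).
    Inspection only: no signature or condition checks are performed."""
    root = ET.fromstring(assertion_xml)
    # An attribute named exactly EmailAddress is always used when present.
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == "EmailAddress":
            value = attr.find("saml:AttributeValue", NS)
            if value is not None and value.text:
                return "EmailAddress", value.text.strip()
    # Otherwise fall back to NameID, but only in the emailAddress format.
    name_id = root.find(".//saml:NameID", NS)
    if name_id is not None and name_id.get("Format") == EMAIL_FORMAT and name_id.text:
        return "NameID", name_id.text.strip()
    return None, None

def check(assertion_xml, console_accounts):
    """Report which value would be mapped and whether a console account matches."""
    source, email = mapping_value(assertion_xml)
    # Assumption: addresses are compared case-insensitively (not stated on the page).
    known = {a.casefold() for a in console_accounts}
    return {"source": source, "email": email,
            "matches": bool(email) and email.casefold() in known}

def sample(name_id, name_id_format, email_attr=None):
    """Build a minimal, unsigned, constructed assertion for the checks below."""
    attr = ""
    if email_attr is not None:
        attr = ('<saml:AttributeStatement><saml:Attribute Name="EmailAddress">'
                f'<saml:AttributeValue>{email_attr}</saml:AttributeValue>'
                '</saml:Attribute></saml:AttributeStatement>')
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject>'
            f'<saml:NameID Format="{name_id_format}">{name_id}</saml:NameID>'
            f'</saml:Subject>{attr}</saml:Assertion>')

if __name__ == "__main__":
    accounts = ["admin@myorg.local"]  # constructed console account list
    unspecified = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
    for xml in (sample("admin@myorg.local", EMAIL_FORMAT),
                sample("admin@myorg.local", EMAIL_FORMAT, "other@myorg.local"),
                sample("jdoe", unspecified)):
        print(check(xml, accounts))
```

The second sample shows the caveat from step 4: the EmailAddress attribute overrides a NameID that would have matched, so the mapping fails when that attribute carries an address with no console account.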

What to do next

Keep both the Carbon Black App Control console and the IdP website page open and continue with the following procedure: Add an Identity Provider to Carbon Black App Control.