You must set up at least one User Role in Carbon Black App Control for local (non-SAML) login to the console, so that you can log in if problems occur with the IdP. This User Role can also be useful for troubleshooting purposes.

You can also enable and disable local logins on the Login Accounts Edit User Role page.
Important: Limit the accounts for which you allow local login permissions to meet your compliance or standards requirements.


Perform the following procedures:


  1. On the Carbon Black App Control SAML Login page, go to the Local Login Override Permissions section. All currently defined User Roles for your App Control Server are listed.
  2. Select the Allow Local Login check box for each User Role whose users can perform a local (non-SAML) login to the console. You must select at least one role.
    The SAML Configuration page showing the User Role administrator check boxes selected to allow local login
  3. Click the Save User Roles button. User accounts that have these roles can login with SAML or with their local credentials.