You can enable SAML integration with Ping Identity.

Procedure

  1. In each of two Carbon Black Cloud instances, on the left navigation pane, click Settings > Users, and for SAML config select Enabled.
    SAML Config page is displayed.
  2. Log in to your Ping One account https://admin.pingone.com/web-portal/dashboard.
  3. On the Admin dashboard, click the Applications tab, Add application, then New SAML application.
  4. Fill in the appropriate fields, click Continue to Next Step, then the I have the SAML configuration tab selected tab.
  5. From the Carbon Black Cloud SAML Config page, enter the ACS field and the entity ID. Click Continue to Next Step.
  6. Click Add new attribute and enter the following fields:

    • mail: Email

    • SAML_SUBJECT: SAML_SUBJECT

      1. For the mail field, click Advanced, enter the following fields, then click Save:

        • NameFormat: urn:oasis:names:to:SAML:2.0:attrname-format:basic

        • Attribute Mapping: mail = Email

      2. For the SAML subject field, click Advanced, enter the following fields, then click Save:

        • NameFormat: urn:oasis:names:to:SAML:2.0:nameid-format:transient

        • Attribute Mapping: SAML SUBJECT = SAMLSUBJECT

      3. Click Save & Publish.

      4. In the Review Setup section, copy the SAML signing certificate and paste it into the Carbon Black Cloud SAML Config page. Copy the SSO URL and paste it into the Carbon Black Cloud SAML Config page. If your PingOne account email does not match your Carbon Black Cloud user email, configure your PingOne email login account on the Users tab.

  7. On the Carbon Black Cloud SAML Config page, click Save, then open a new browser tab or window and verify SAML Authentication.