You can enable SAML integration with OneLogin.

Procedure

  1. In each of two Carbon Black Cloud instances, on the left navigation pane, click Settings > Users, and for SAML config select Enabled.
    The SAML Config page displays.
  2. Note the following fields:
    • Audience > https://defense-<backend>.conferdeploy.net/login/saml/consume
    • Recipient > https://defense-<backend>.conferdeploy.net/login/saml/consume
    • ACS (Consumer) URL Validator > ^https:\/\/defense-%backend%\.conferdeploy\.net\/login\/consume\/saml\/consume\/
    • ACS (Consumer) URL > https://defense-<backend>.conferdeploy.net/login/saml/consume

    Leave the SAML Config window open. The following two empty fields are populated later:

    • Single sign-on URL (HTTP-redirect binding)
    • X509 certificate

    Next, you must add Carbon Black Cloud Console to your OneLogin sign-on.
  3. Open a new browser, navigate to OneLogin, and go to Apps > Add Apps in the OneLogin administrator dashboard.
    Typically, https://<companycode>.onelogin.com/admin is the OneLogin URL.
  4. Select APPS.
  5. Click Add APP.
  6. Choose SAML Test Connector (IdP).
    If necessary, search for "SAML Test Connector" and select and save the first result from the search results list.
    OneLogin opens the application Info page.
  7. Click the Configuration menu.
  8. Under RelayState and Audience, enter the Audience URL that you copied from the Carbon Black Console during step 2.
  9. Under Recipient, enter the following URLs that you copied from the Carbon Black Console during step 2:
    • Recipient > https://defense-<backend>.conferdeploy.net/login/saml/consume
    • ACS (Consumer) URL Validator > ^https:\/\/defense-%backend%\.conferdeploy\.net\/login\/consume\/saml\/consume\/
    • ACS (Consumer) URL > https://defense-<backend>.conferdeploy.net/login/saml/consume
  10. Leave Single Logout URL blank.
  11. Click the Parameters menu.
  12. Ensure Credentials are set to Configured by admin.
  13. Click Add parameter.
    1. For Field name, enter mail.
    2. Under Field name, check the option: Include in SAML assertion.
    3. Under Value, select Email.
    4. Verify that Include in SAML assertion is checked.
    5. Leave the Rules tab blank.
    6. Click the SSO menu and do the following:
      • Copy the X509 certificate to the Carbon Black Cloud console SAML Config window that you left open in step 2.
      • Copy the SAML 2.0 Endpoint (HTTP) URL from OneLogin into the Single sign-on URL (HTTP-redirect binding) field of the Carbon Black Cloud console SAML Config window that you left open in step 2.
      In the Carbon Black Cloud SAML Config window, click Save.
    7. In OneLogin, the Access menu can be left unchanged.
    8. Click the Users menu, add pertinent users to this application, and ensure that each user's email address matches the email used to access Carbon Black Cloud.
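
An added example, not part of the vendor procedure: a Python check that a SAML response captured from a test login carries the Audience and Recipient entered in steps 8 and 9, and the mail parameter added in step 13. The backend name `example`, the email address and the sample response are constructed, and the script inspects fields only; it does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed stand-in for https://defense-<backend>.conferdeploy.net/login/saml/consume
ACS_URL = "https://defense-example.conferdeploy.net/login/saml/consume"

# Constructed, unsigned sample of a decoded SAML response (not captured from a real tenant).
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{ACS_URL}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>{ACS_URL}</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="mail">
        <saml:AttributeValue>analyst@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, acs_url, console_email):
    """Return a list of mismatches between a decoded response and the console settings."""
    # Run only on responses captured from your own test login; no signature check here.
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if acs_url not in audiences:
        problems.append(f"Audience {audiences} does not include {acs_url}")
    recipients = [d.get("Recipient")
                  for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append(f"Recipient {recipients} does not include {acs_url}")
    mails = [v.text.strip() for v in root.iterfind(
        ".//saml:Attribute[@Name='mail']/saml:AttributeValue", NS) if v.text]
    if not mails:
        problems.append("no 'mail' attribute in the assertion")
    elif console_email not in mails:
        problems.append(f"mail {mails} does not match console user {console_email}")
    return problems
```

An empty list means the three settings line up; each string in a non-empty list names the field to recheck in the OneLogin Configuration or Parameters menu.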