You can enable SAML integration with OneLogin.
Procedure
- In each of two Carbon Black Cloud instances, on the left navigation pane, click Settings > Users, and for SAML config select Enabled.
  The SAML Config page displays.
- Note the following fields:
  - Audience > https://defense-<backend>.conferdeploy.net/login/saml/consume
  - Recipient > https://defense-<backend>.conferdeploy.net/login/saml/consume
  - ACS (Consumer) URL Validator > ^https:\/\/defense-%backend%\.conferdeploy\.net\/login\/consume\/saml\/consume\/
  - ACS (Consumer) URL > https://defense-<backend>.conferdeploy.net/login/saml/consume
  Leave the SAML Config window open. Its two empty fields are populated later:
  - Single sign-on URL (HTTP-redirect binding)
  - X509 certificate
Next, you must add Carbon Black Cloud Console to your OneLogin sign-on.
- Open a new browser, navigate to OneLogin, and go to Apps > Add Apps in the OneLogin administrator dashboard.
  Typically, https://<companycode>.onelogin.com/admin is the OneLogin URL.
- Select APPS.
- Click Add APP.
- Choose SAML Test Connector (IdP).
  If necessary, search for "SAML Test Connector" and select and save the first result from the search results list.
  OneLogin opens the application Info page.
- Click the Configuration menu.
- Under RelayState and Audience, enter the Audience URL that you copied from the Carbon Black Console during step 2.
- Under Recipient, enter the following URLs that you copied from the Carbon Black Console during step 2:
  - Recipient > https://defense-<backend>.conferdeploy.net/login/saml/consume
  - ACS (Consumer) URL Validator > ^https:\/\/defense-%backend%\.conferdeploy\.net\/login\/consume\/saml\/consume\/
  - ACS (Consumer) URL > https://defense-<backend>.conferdeploy.net/login/saml/consume
- Leave Single Logout URL blank.
- Click the Parameters menu.
- Ensure Credentials are = Configured by admin.
- Click Add parameter.
- For Field name, enter mail.
- Under Field name, check the option: Include in SAML assertion.
- Under Value, select Email.
- Verify that Include in SAML assertion is checked.
- Leave the Rules tab blank.
- Click the SSO menu and do the following:
  - Copy the X509 certificate to the Carbon Black Cloud console SAML Config window that you left open in step 2.
  - Copy the SAML 2.0 Endpoint (HTTP) URL from OneLogin to the Carbon Black Cloud console SAML Config window that you left open in step 2, specifically into the field: Single sign-on URL (HTTP-redirect binding).
In the Carbon Black Cloud SAML Config window, click Save.
- In OneLogin, the Access menu can be left unchanged.
- Click the Users menu, add pertinent users to this application, and ensure that their email address matches the email used to access Carbon Black Cloud.
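
An added check, not part of the original procedure or of VMware's or OneLogin's tooling: it verifies that an ACS (Consumer) URL Validator regex noted in step 2 matches the ACS (Consumer) URL and rejects look-alike hosts before both are entered in OneLogin. The backend name `examplebackend`, the function names, and the `STRICT` and `LOOSE` comparison patterns are constructed for illustration, and Python's `re` module standing in for OneLogin's regex engine is an assumption.

```python
import re

# Values exactly as listed in the procedure; <backend> and %backend% are the page's placeholders.
ACS_URL = "https://defense-<backend>.conferdeploy.net/login/saml/consume"
LISTED = r"^https:\/\/defense-%backend%\.conferdeploy\.net\/login\/consume\/saml\/consume\/"
# Constructed comparison patterns (not from the page, VMware, or OneLogin).
STRICT = r"^https:\/\/defense-%backend%\.conferdeploy\.net\/login\/saml\/consume$"
LOOSE = r"https://defense-%backend%.conferdeploy.net/login/saml/consume"


def fill(template: str, backend: str, is_regex: bool = False) -> str:
    """Substitute the backend placeholder, escaping it when it lands in a regex."""
    value = re.escape(backend) if is_regex else backend
    return template.replace("<backend>", value).replace("%backend%", value)


def check_validator(validator: str, acs_url: str) -> list[str]:
    """Return the problems found; an empty list means the pair is consistent."""
    try:
        pattern = re.compile(validator)
    except re.error as exc:
        return [f"validator is not a valid regex: {exc}"]
    problems = []
    # search() models an engine that only anchors where the pattern says so.
    if not pattern.search(acs_url):
        problems.append("validator does not match the ACS (Consumer) URL")
    host = acs_url.split("/")[2]
    # Look-alike 1: first dot in the host replaced, rejected only if dots are escaped.
    if pattern.search(acs_url.replace(host, host.replace(".", "x", 1), 1)):
        problems.append("unescaped dot: validator accepts a look-alike host")
    # Look-alike 2: real URL embedded in another URL, rejected only by a leading ^.
    if pattern.search("https://other.example/?next=" + acs_url):
        problems.append("missing ^ anchor: validator accepts an embedded URL")
    return problems


def audit(backend: str) -> dict[str, list[str]]:
    """Check each pattern against the ACS URL for one backend name."""
    url = fill(ACS_URL, backend)
    patterns = {"listed": LISTED, "strict": STRICT, "loose": LOOSE}
    return {name: check_validator(fill(p, backend, True), url) for name, p in patterns.items()}


if __name__ == "__main__":
    for name, problems in audit("examplebackend").items():  # constructed backend name
        print(name, "->", problems or "consistent")
```

Run against the values as listed above, the check reports that the validator does not match the ACS (Consumer) URL because the paths differ, so compare both fields with what your console actually displays before saving them in OneLogin.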