App Control: Process When Using Both SAML and Active Directory Integration

Environment

  • App Control Console: All Supported Versions
  • Microsoft Active Directory

Objective

This document describes the new user login procedure when using both SAML and Active Directory together. 

Resolution

Before SAML integration can be used, a user account with an email address must exist in the App Control console.
This can be done in any of the following ways:
  • Set up the user manually under the Login Accounts menu
  • Log in with an Active Directory account first, which syncs the email address from the account attributes in AD
  • Import a list of users using the API

Additional Notes

  • If the user account doesn't already exist when you attempt a SAML login, the login will fail
  • If the email address in Active Directory differs from the email sent in the SAML assertion, the login will fail
  • For example, the login will fail if the AD user email was
    "FirstNameLastName@domain.local" but the SAML email was "FirstNameLastName@domain.com"
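
The failure conditions above can be checked before SAML is switched on. The following is an added example, not code from Carbon Black or the App Control API: it compares two constructed CSV lists (console login accounts and the emails the identity provider will send) and reports which users would fail. The column names, the matching on username, and the separate flag for case-only differences are assumptions; the article does not say whether the comparison is case-sensitive.

```python
import csv
import io

# Constructed sample data. The column names are assumptions, not an
# App Control or identity-provider export format.
CONSOLE_ACCOUNTS = """username,email
asmith,asmith@domain.com
bjones,bjones@domain.local
cdoe,
ekim,EKim@domain.com
"""

IDP_USERS = """username,email
asmith,asmith@domain.com
bjones,bjones@domain.com
cdoe,cdoe@domain.com
dlee,dlee@domain.com
ekim,ekim@domain.com
"""


def load(text):
    """Map lower-cased username to email, whitespace stripped."""
    reader = csv.DictReader(io.StringIO(text))
    return {r["username"].strip().lower(): r["email"].strip() for r in reader}


def audit(console_csv, idp_csv):
    """Classify every IdP user against the console login accounts."""
    console = load(console_csv)
    findings = {}
    for user, saml_email in sorted(load(idp_csv).items()):
        if user not in console:
            findings[user] = "no console account"
        elif not console[user]:
            findings[user] = "console account has no email"
        elif console[user] == saml_email:
            findings[user] = "ok"
        elif console[user].lower() == saml_email.lower():
            # Case sensitivity is not stated in the article; flag for review.
            findings[user] = "case differs, verify"
        else:
            findings[user] = "email mismatch"
    return findings


if __name__ == "__main__":
    for user, status in audit(CONSOLE_ACCOUNTS, IDP_USERS).items():
        print(f"{user:10} {status}")
```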

Creation Date: 11-20-2018