Carbon Black Cloud: Can both two-factor authentication and SAML/SSO be turned on in the Console?
Carbon Black Cloud Console: All Versions
Audit and Remediation (was CB LiveOps)
Endpoint Standard (was CB Defense)
Enterprise EDR (was CB ThreatHunter)
Managed Detection (was CB ThreatSight)
In the Carbon Black Cloud Console, is it possible to have both 2fa and SAML/SSO enabled at the same time?
SAML and 2fa cannot be enabled on the Service Provider's side (Carbon Black Cloud Console) at the same time, as the workflows are mutually exclusive
Many SAML providers (Identity Providers or IdPs) also allow for 2fa to be enabled on their side, which then increases security for all applications or services (service Providers or SPs) available through the IdP
2fa increases an organization's security posture, but does not simplify the login process
SAML does not increase an organization's security posture, but does simplify the login process
Two-factor authentication employs Username/Password (UN/PW) for initial authentication (1st factor) and a one-time passcode (2nd factor) available from an enrolled device (RSA token, smartphone, tablet, etc.)
Security Assertion Markup Language (SAML) employs an Identity Provider (IdP) and a Service Provider (SP), where UN/PW is entered for initial authentication at the IdP and the authentication assertion (based on username) is passed to the SP for logging into the service being provided
SAML is most-often used to provide Single Sign-On (SSO) within an environment, allowing a user to sign in once and have their authentication assertion forwarded from the IdP and used by the different applications/services (SPs) they need throughout the day
When SAML is enabled only the authentication assertion is sent from the IdP to the SP; since this does not include both the UN and PW, 2fa cannot be enabled on the SP-side when SAML is enabled and vice versa