Environment

• Carbon Black Cloud Console: All Versions

Objective

Resolution

1.  Log into the Carbon Black Cloud console
2. Open a second browser tab or new window and launch a second instance of the Web Console and go to Settings > Users
   • This is useful if something is misconfigured and log in using SAML fails after the initial setup. To revert just go back to the second instance and disable SAML
3. Go to Settings > Users
4. SAML is disabled by default
5. Click "Enabled" to display the SAML Configuration screen
6. Copy Single Sign-On URL from your identity provider (IdP) into 'Single sign-on URL (HTTP-Redirect Binding)' field
7. Copy X509 from IdP
8. Paste into text editor to remove carriage returns and spaces to make the X509 cert display as one line
9. Copy X509 cert into 'X509 certificate' field
10. Click Save

Additional Notes

• Once your organization has enabled SAML, administrators will no longer be able to log in with their email address and password.
• After configuring SAML, all administrators in your organization will be required to log in with your chosen identity provider.
• If you are unable to log in after enabling SAML, contact support to disable it for your organization.
• For Okta, an Attribute Statement needs to be added (called out in User Guide) to map between "mail" and "user.email"

  From the User Guide
  Set the Attribute Statement as "Name=mail", "Name format=Basic"", and "Value=user.email"

Related Content