Environment
- Carbon Black Cloud Console: All Versions
- Endpoint Standard (was CB Defense)
- Enterprise EDR (was CB ThreatHunter)
- Audit and Remediation (was CB LiveOps)
- Managed Detection (was CB ThreatSight)
- SAML enabled on Settings > Users
Symptoms
- Most users able to log into Console
- One or more users unable to log into Console
- SAML/SSO login works for other applications
Cause
Mismatch between user email address in SAML provider system (Identity Provider, IdP) and Email address in Carbon Black Cloud Console (Service Provider, SP)
Resolution
- Have impacted user log into SAML/SSO provider
- Verify email address for account (typically primary email address)
- Have unaffected user log into Carbon Black Cloud Console
- Go to Settings > Users
- Verify email address for impacted User is different than in step 2
- Add new user with email address from step 2, keeping same role
- Delete incorrect User account from step 5
Additional Notes
- Email address being sent from IdP to SP MUST match, mismatch results in login failure
- If SAML is working for other applications, it is inadvisable to change the email address on the IdP-side as that can break login for the other apps
- If SAML is not working for other applications, work with SAML Admin to correct
Related Content
#EnterpriseEDR#CarbonBlackCloud