Environment
- Carbon Black Defense Web Console September '18 Release (0.40.x) and higher
- OneLogin SSO SAML Solution
Objective
Seamless access to Carbon Black Defense / Predictive Security Cloud (PSC) console through OneLogin
Resolution
- Access the PSC Console
- Navigate to Settings > Users
- Under SAML configuration, click Edit
- Note down the following fields:
Leave Window Open with empty fields, to be later populated.
- Single sign-on URL (HTTP-redirect binding)
- X509 certificate
Add Carbon Black PSC Console to your OneLogin signon
- Log into OneLogin admin page, typically https://<companycode>.onelogin.com/admin
- Select APPS
- Click button "Add APP"
- Choose SAML Test Connector (IdP)
- Change name from SAML Test Connector (IdP) to Cb Defense, alternatively, upload rectangular and square icons, click Save
- Click Configuration menu
- Under RelayState and Audience enter URL "Audience" from PSC Console
- Under Recipient enter URL "Recipient" from PSC Console, do the same for "ACS (Consumer) URL Validator*" and "ACS (Consumer) URL*"
- Leave Single Logout URL blank
- Click Parameters menu
- Leave "Credentials are" > "Configured by admin"
- Click "Add parameter"
- Enter "mail" under "Field name", Check "Include in SAML assertion" Flag
- Choose "Email" under Value,
- "Include in SAML assertion" should be checked
- Rules tab are left blank
- Click SSO menu
- Copy X509 Certificate, paste into PSC Console > "X509 certificate"
- Copy "SAML 2.0 Endpoint (HTTP)" URL from OneLogin to "Single sign-on URL (HTTP-redirect binding)" in PSC Console
- Save SAML Config in PSC Console
- Access menu can be left unchanged
- Click Users menu, add pertinent users to this application, ensure their email address matches the email used to access Carbon Black Defense
Related Content
