Configuring External IDP for Federated Users

Products

Symantec Products

Issue/Introduction

Instructions for configuring External IDP for Federated Users.

Resolution

What’s Happening?

As a result of the Broadcom Inc. acquisition of the Symantec Enterprise Security Business in November 2019 (Press Release), all Symantec accounts are being migrated to Broadcom's Identity Provider (IDP).

This article provides information to you (IDP administrators) about the Broadcom-specific IDP settings.

What are the Login Changes?

Your users accessed the Symantec Product Portal through the Identify Provider (IDP) service that your organization used.

Due to migration to the new identity provider, as an IDP administrator, you now need to configure Broadcom-specific IDP settings for your organization, so that your users can continue accessing Symantec Products.

How to Configure IDP?

As an IDP administrator, you will receive an email with information to configure your IDP settings.

Configuring the external IDP for your application

Note: Ensure that you have the email sent by Symantec that contains the parameter values open, which will enable you to begin the external IDP configuration process.

1. Log in to your IDP as an administrator.
2. Select the desired application.
3. Open the SAML Settings page of the application that you selected in the Edit Mode.
4. Enter the values in the following fields

Field

Value

Assertion Consumer Service (ACS) URL

https://avagoext.okta.com/sso/saml2/{xxxxxxxxxxxxxxxxxxxx}

The ACS URL is also referred to as the Single Sign-On URL.

Audience URI (SP Entity ID)

https://www.okta.com/saml2/service-provider/{Idp_ID}

Note: Refer the external IDP configuration email for the values of the mentioned parameters. You need to copy the values from the email and paste them in the respective fields.

5. Click Save to complete the configuration of your IDP with Broadcom Okta.

Troubleshooting IDP Issues

This section includes issues related to IDP and their possible solutions.

Issue

Cause

Resolution

I am using a custom identity provider, but I am unable to sign in to the console.

This problem can occur in the following scenarios

The user is not added to the custom IDP provider.
The IDP provider fails to complete the sign in process

Use the following link to sign in to the console directly: https://us.securitycloud.symantec.com/oidc/authorize?okta_admin_flow=1

Troubleshooting Integration Issues with Azure AD (* for ICDM and SEP Cloud users only)?

1. Login to ICDM or SEP Cloud portal under your non-federated Broadcom account.

i. Locate the Broadcom account activation email that was sent to your initial administrator.

ii. If you're unable to locate the activation email follow the two links to activate your Broadcom account:

Account Self-Service Portal

Broadcom Self Service Bot

iii. Use THIS URL to login in order to bypass the redirect to identity provider as part of login.

2. After you login to the portal you'll need to reconnect to Azure AD as described in this HELP TOPIC.

Setting up External IDP - Examples

This section contains a couple of procedures as examples that you can refer to while setting up an external IDP.

Setting up Okta as External IDP
Setting up MS Azure as External IDP

Setting up Okta as External IDP

The following procedure illustrates steps to set up Okta as the IDP.

1. Log in to your respective IDP as an administrator.
2. Navigate to the Application tab and click the desired application.

3. After you navigate to the respective application, scroll down to view SAML Settings.
4. Click Edit.

The Edit SAML Integration Page is displayed (refer to below screenshot).

5. Click Next.

6. The Configure SAML tab is displayed.

7. Enter the ACS URL in the Single sign on URL field.
8. Enter the Audience URI in the Audience URI (SP Entity ID) field.

Note: Refer the external IDP configuration email for the values you need to enter in steps 7 and 8. You need to copy the values from the email and paste them in the respective fields.

9. Save these settings once done.

Setting up MS Azure as External IDP

The following procedure illustrates steps to set up MS Azure as the IDP.

1. Log in to your respective IDP as an administrator.
2. Navigate to the Azure AD – Enterprise application >> All applications tab.
3. Click the desired application.

4. Under Manage section, click the Single sign-on option of the application.

The Set up Single Sign-On with SAML tab is displayed.

5. Click the Edit icon in the Basic SAML Configuration panel.

The Basic SAML Configuration page is displayed.

6. Enter the Audience URI in the Identifier (Entity ID) field.
7. Enter the ACS URL in the Reply URL (Assertion Consumer Service URL) field.

Note: Refer the external IDP configuration email for the values you need to enter in steps 6 and 7. You need to copy the values from the email and paste them in the respective fields.