What’s Happening?
As a result of the Broadcom Inc. acquisition of the Symantec Enterprise Security Business in November 2019 (Press Release), all Symantec accounts are being migrated to Broadcom's Identity Provider (IDP).
This article provides information to you (IDP administrators) about the Broadcom-specific IDP settings.
What are the Login Changes?
Your users accessed the Symantec Product Portal through the Identity Provider (IDP) service that your organization used.
Due to migration to the new identity provider, as an IDP administrator, you now need to configure Broadcom-specific IDP settings for your organization, so that your users can continue accessing Symantec Products.
How to Configure IDP?
As an IDP administrator, you will receive an email with information to configure your IDP settings.
Configuring the external IDP for your application
Note: Before you begin, open the email sent by Symantec that contains the parameter values. You need these values for the external IDP configuration process.
1. Log in to your IDP as an administrator.
2. Select the desired application.
3. Open the SAML Settings page of the selected application in Edit mode.
4. Enter the values in the following fields:
Field | Value
Assertion Consumer Service (ACS) URL | https://login.broadcom.com/sso/ (The ACS URL is also referred to as the Single Sign-On URL.)
Audience URI (SP Entity ID) | https://www.okta.com/saml2/
Note: Refer to the external IDP configuration email for the values of these parameters. Copy the values from the email and paste them into the respective fields.
5. Click Save to complete the configuration of your IDP with Broadcom Okta.
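A quick way to confirm the two values from step 4 took effect is to capture a test SAML response from your IDP and compare its Destination, Recipient and Audience with the values from the email. The following is an added example, not Broadcom or Symantec code; the `PLACEHOLDER` suffixes, the sample response and the exact-string comparison are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Placeholders: substitute the full values from the configuration email.
EXPECTED_ACS = "https://login.broadcom.com/sso/PLACEHOLDER"
EXPECTED_AUDIENCE = "https://www.okta.com/saml2/PLACEHOLDER"

# Constructed sample response (unsigned, trimmed). The Audience carries a
# stray trailing slash, a typical copy-and-paste mistake.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://login.broadcom.com/sso/PLACEHOLDER">
  <saml:Assertion>
    <saml:Subject>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://login.broadcom.com/sso/PLACEHOLDER"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://www.okta.com/saml2/PLACEHOLDER/</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, acs=EXPECTED_ACS, audience=EXPECTED_AUDIENCE):
    """Return a list of mismatches between the response and the expected values."""
    root = ET.fromstring(xml_text)  # only feed this responses from your own IDP test
    problems = []
    if root.get("Destination") != acs:
        problems.append(f"Destination is {root.get('Destination')!r}, expected the ACS URL")
    recipients = [e.get("Recipient") for e in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs not in recipients:
        problems.append(f"no SubjectConfirmationData Recipient equals the ACS URL: {recipients}")
    audiences = [(e.text or "").strip() for e in root.iterfind(".//saml:Audience", NS)]
    if audience not in audiences:
        problems.append(f"Audience {audiences} does not contain the Audience URI")
    return problems


if __name__ == "__main__":
    for line in check_response(SAMPLE) or ["ACS URL and Audience URI match"]:
        print(line)
```

The script checks configuration values only; it does not validate the response signature or its validity window.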
Troubleshooting IDP Issues
This section includes issues related to IDP and their possible solutions.
Issue | Cause | Resolution
I am using a custom identity provider, but I am unable to sign in to the console. | This problem can occur in the following scenarios | Use the following link to sign in to the console directly: https://us.securitycloud.symantec.com/oidc/authorize?okta_admin_flow=1
Troubleshooting Integration Issues with Azure AD (* for ICDM and SEP Cloud users only)
1. Log in to the ICDM or SEP Cloud portal under your non-federated Broadcom account.
i. Locate the Broadcom account activation email that was sent to your initial administrator.
ii. If you're unable to locate the activation email, follow the two links to activate your Broadcom account:
Account Self-Service Portal
Broadcom Self Service Bot
iii. Use THIS URL to log in; it bypasses the redirect to the identity provider during login.
2. After you log in to the portal, reconnect to Azure AD as described in this HELP TOPIC.
Setting up External IDP - Examples
This section contains a couple of procedures as examples that you can refer to while setting up an external IDP.
Setting up Okta as External IDP
The following procedure illustrates steps to set up Okta as the IDP.
The Edit SAML Integration Page is displayed (refer to below screenshot).
5. Click Next.
Note: Refer to the external IDP configuration email for the values you need to enter in steps 7 and 8. Copy the values from the email and paste them into the respective fields.
9. Save these settings once done.
Setting up MS Azure as External IDP
The following procedure illustrates steps to set up MS Azure as the IDP.
1. Log in to your respective IDP as an administrator.
The Set up Single Sign-On with SAML tab is displayed.
5. Click the Edit icon in the Basic SAML Configuration panel.
The Basic SAML Configuration page is displayed.
6. Enter the Audience URI in the Identifier (Entity ID) field.
Note: Refer to the external IDP configuration email for the values you need to enter in steps 6 and 7. Copy the values from the email and paste them into the respective fields.