App Control: How to Setup SAML Integration with DUO
search cancel

App Control: How to Setup SAML Integration with DUO


Article ID: 288833


Updated On:


Carbon Black App Control (formerly Cb Protection)


Configure SAML integration with DUO for two-factor authentication for App Control (formerly CB Protection)


  • App Control: 8.1.0 and higher
  • DUO Console


  • While logged into DUO Admin Panel (web console)
  1. Go to "Applications" on the left panel
  2. Add a new application
  • In the App Control Console
  1. Go to Settings Menu > System Configuration > SAML Login
  2. Under Service Provider section, click "Manual" 
  •  In DUO Admin Panel
  1. Fill up the following fields in Service Provider Section:
  • Service Provider Name
  • Entity ID from the CbP Configuration page
  • Assertion Consumer Service (Single Sign-On URL)
*The rest of the fields may remain blank
  1. Fill up the following fields in SAML Response Section:
  •     NameID is currently not relevant, but in the future we will support the emailAddress format; So for now, change NameID format to emailAddress and NameID attribute to mail
  •     Mapped attributes section, add an attribute with SAML Response Attribute set to "EmailAddress" with IdP Attribute set to "mail"
  1. Click "Save Configuration"
  2. Continue until Configure SAML Service Provided screen, and click "Download your configuration file"
  3. Now log into the Duo Access Gateway
  4. Navigate to Applications on the left side menu
  5. Click ''Browse'' and select the configuration file downloaded from SAML Response (Step 2)
  6. Click "Upload"
  7. The option to download the IDP XML file should be available
  8. Download the XML file
  • In the App Control Console
  1. Go to Configuration menu > System Configuration > SAML Login.
  2. Click "Add Identity Provider".
  3. Input the IDP Name and paste or upload the XML

Additional Information

Review CB Protection User Guide for ''Logging In Using SAML''