Configure DUO SAML For Use With Console Logins

Article ID: 288833

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

What are the required DUO SAML Attribute Settings for use with the App Control Console?

Environment

  • App Control Console: All Supported Versions
  • DUO Console

Resolution

ATTENTION: The following information is provided on a best-effort basis.

  • Aspects of configuring DUO for use with Service Providers (App Control) may have changed since this was written.
    • Maintaining documentation on 3rd party applications is outside the scope of Carbon Black Support.
    • Assistance from DUO Support may be required to properly configure the SAML Response for use with App Control.
  • As a reminder, users must first exist in the App Control Console with an email address that matches the user in DUO.
  • Review "Integrate an Identity Provider (IdP) for SAML Logins" for more details.
  1. Log in to the App Control Console
    1. Navigate to: Settings > System Configuration > SAML Login
    2. Service Provider > choose Manual
    3. Note the details as they will be required in the next step
  2. Log in to the DUO Admin Panel
    1. Navigate to: Applications > Application Catalog > Add a new Generic SAML Service Provider
    2. In the Service Provider Section specify the details from the App Control Console
      • Service Provider Name (ex: App Control)
      • Entity ID
      • Assertion Consumer Service (Single Sign-On URL)
      • The rest of the fields may remain blank
    3. In the SAML Response Section map the Attributes accordingly
      • Be sure to add a Custom Attribute of EmailAddress (capitalized as shown)
      • Map the Custom Attribute to the relevant email address field
    4. Click Save Configuration
    5. After completing, review the Metadata information provided by DUO and download the SAML Metadata XML
  3. In the App Control Console
    1. Navigate to: Settings > System Configuration > SAML Login
    2. Identity Provider > Add Identity Provider
    3. Input the IDP Name (ex: DUO) and paste (or upload) the SAML Metadata XML from DUO.
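
A troubleshooting check for the requirements above, added here as an example (not Carbon Black or DUO code): it reads a decoded SAML Response and confirms that the EmailAddress attribute is present with that exact capitalization and that its value belongs to a console user. The sample XML and email addresses are constructed, and comparing addresses without regard to case is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_ATTR = "EmailAddress"  # name and capitalization as given in the article

# Constructed sample: a decoded SAML Response trimmed to the parts checked here.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="EmailAddress">
        <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, console_emails):
    """Return a list of problems found; an empty list means the checks passed.

    Diagnostic only: the signature is not verified, so never use this
    to decide whether a login should be accepted.
    """
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[attr.get("Name", "")] = values

    if REQUIRED_ATTR not in attrs:
        # Attribute names are compared exactly, so report near-misses by name.
        close = [n for n in attrs if n.lower() == REQUIRED_ATTR.lower()]
        if close:
            return [f"attribute is named {close[0]!r}, expected {REQUIRED_ATTR!r}"]
        return [f"no {REQUIRED_ATTR!r} attribute; found {sorted(attrs)}"]

    emails = [v for v in attrs[REQUIRED_ATTR] if v]
    if not emails:
        return [f"{REQUIRED_ATTR!r} is present but has no value"]
    # Assumption: email addresses are compared without regard to case.
    known = {e.strip().lower() for e in console_emails}
    return [f"{e!r} does not match any console user" for e in emails if e.lower() not in known]


if __name__ == "__main__":
    print(check_response(SAMPLE_RESPONSE, ["jdoe@example.com"]) or "OK")
```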
