Carbon Black Cloud: Some users unable to log in using SAML
search cancel

Carbon Black Cloud: Some users unable to log in using SAML


Article ID: 289692


Updated On:


Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)


  • Most users able to log into Console
  • One or more users unable to log into Console
  • SAML/SSO login works for other applications


  • Carbon Black Cloud Console: All Versions
    • Endpoint Standard (was CB Defense)
    • Enterprise EDR (was CB ThreatHunter)
    • Audit and Remediation (was CB LiveOps)
    • Managed Detection (was CB ThreatSight)
  • SAML enabled on Settings > Users


Mismatch between user email address in SAML provider system (Identity Provider, IdP) and Email address in Carbon Black Cloud Console (Service Provider, SP)


  1. Have impacted user log into SAML/SSO provider
  2. Verify email address for account (typically primary email address)
  3. Have unaffected user log into Carbon Black Cloud Console
  4. Go to Settings > Users
  5. Verify email address for impacted User is different than in step 2
  6. Add new user with email address from step 2, keeping same role
  7. Delete incorrect User account from step 5

Additional Information

  • Email address being sent from IdP to SP MUST match, mismatch results in login failure
  • If SAML is working for other applications, it is inadvisable to change the email address on the IdP-side as that can break login for the other apps
  • If SAML is not working for other applications, work with SAML Admin to correct