Carbon Black Cloud: Some users unable to log in using SAML
Article ID: 289692
Products
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
Most users able to log into Console
One or more users unable to log into Console
SAML/SSO login works for other applications
Environment
Carbon Black Cloud Console: All Versions
Endpoint Standard (was CB Defense)
Enterprise EDR (was CB ThreatHunter)
Audit and Remediation (was CB LiveOps)
Managed Detection (was CB ThreatSight)
SAML enabled on Settings > Users
Cause
Mismatch between user email address in SAML provider system (Identity Provider, IdP) and Email address in Carbon Black Cloud Console (Service Provider, SP)
Resolution
1. Have impacted user log into SAML/SSO provider
2. Verify email address for account (typically primary email address)
3. Have unaffected user log into Carbon Black Cloud Console
4. Go to Settings > Users
5. Verify email address for impacted User is different than in step 2
6. Add new user with email address from step 2, keeping same role
7. Delete incorrect User account from step 5
Additional Information
The email address sent from the IdP to the SP MUST match the email address on the Console user account; a mismatch results in login failure
If SAML is working for other applications, it is inadvisable to change the email address on the IdP-side as that can break login for the other apps
If SAML is not working for other applications, work with SAML Admin to correct
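
The comparison made in steps 2 and 5 can also be run against the value the IdP actually sends. The following is an added example, not Carbon Black or Broadcom code: it reads the email from a base64-encoded SAML response captured during the impacted user's login and classifies it against the Console user list. The sample response, the user list, and the choice of NameID or a "mail" attribute as the email field are assumptions; use the field your SAML configuration maps to email.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: minimal unsigned SAML response, as a browser SAML tracer shows it.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
    '<saml:Subject><saml:NameID>j.doe@corp.example</saml:NameID></saml:Subject>'
    '<saml:AttributeStatement><saml:Attribute Name="mail">'
    '<saml:AttributeValue>Jane.Doe@example.com</saml:AttributeValue>'
    '</saml:Attribute></saml:AttributeStatement>'
    '</saml:Assertion></samlp:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()
# Constructed sample: email addresses as listed under Settings > Users.
CONSOLE_USERS = ["jane.doe@example.com", "j.doe@example.com", "admin@example.com"]

def idp_email(b64_response, attribute=None):
    """Email the IdP sent: NameID by default, or the named attribute (assumption).
    Diagnostic only: the signature is not verified, so run it on your own captures."""
    root = ET.fromstring(base64.b64decode(b64_response))
    if attribute is None:
        node = root.find(".//saml:Subject/saml:NameID", NS)
    else:
        node = root.find(f".//saml:Attribute[@Name='{attribute}']/saml:AttributeValue", NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("email field not present in the SAML response")
    return node.text

def compare(sent, console_users):
    """Classify how the IdP value relates to the Console user list."""
    if sent in console_users:
        return ("match", sent)
    folded = sent.strip().lower()
    for user in console_users:  # same address apart from case or stray whitespace
        if user.strip().lower() == folded:
            return ("differs_by_case_or_whitespace", user)
    local = folded.split("@")[0]
    for user in console_users:  # likely the same person under another domain or alias
        if user.lower().split("@")[0] == local:
            return ("same_local_part_different_domain", user)
    return ("no_console_user", None)

if __name__ == "__main__":
    for field in (None, "mail"):
        sent = idp_email(SAMPLE_B64, field)
        print(field or "NameID", sent, compare(sent, CONSOLE_USERS))
```

Any result other than "match" points to the Console account that steps 6 and 7 replace with one carrying the IdP's address.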