CB Defense: How to configure OneLogin as a SSO


Article ID: 289812


Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

Seamless access to Carbon Black Defense / Predictive Security Cloud (PSC) console through OneLogin

Environment

  • Carbon Black Defense Web Console September '18 Release (0.40.x) and higher
  • OneLogin SSO SAML Solution

Resolution

  1. Access the PSC Console
  2. Navigate to Settings > Users
  3. Under SAML configuration, click Edit
  4. Note down the fields shown; the "Audience" and "Recipient" URLs are needed for the OneLogin configuration below. Leave the window open with the following fields empty, to be populated later:
  • Single sign-on URL (HTTP-redirect binding)
  • X509 certificate

 
Add Carbon Black PSC Console to your OneLogin signon

  1. Log into OneLogin admin page, typically https://<companycode>.onelogin.com/admin
  2. Select APPS
  3. Click button "Add APP"
  4. Choose SAML Test Connector (IdP)
  5. Change the name from SAML Test Connector (IdP) to Cb Defense, optionally upload rectangular and square icons, then click Save
  6. Click Configuration menu
  7. Under "RelayState" and "Audience", enter the "Audience" URL from the PSC Console
  8. Under "Recipient", enter the "Recipient" URL from the PSC Console; do the same for "ACS (Consumer) URL Validator*" and "ACS (Consumer) URL*"
  9. Leave Single Logout URL blank
  10. Click Parameters menu
  11. Leave "Credentials are" > "Configured by admin"
  12. Click "Add parameter"
  13. Enter "mail" under "Field name" and check the "Include in SAML assertion" flag
  14. Choose "Email" under Value
  15. "Include in SAML assertion" should be checked
  16. Leave the Rules tab blank
  17. Click SSO menu
  18. Copy X509 Certificate, paste into PSC Console > "X509 certificate"
  19. Copy "SAML 2.0 Endpoint (HTTP)" URL from OneLogin to "Single sign-on URL (HTTP-redirect binding)" in PSC Console
  20. Save SAML Config in PSC Console
  21. The Access menu can be left unchanged
  22. Click the Users menu and add the pertinent users to this application; ensure each user's email address matches the email used to access Carbon Black Defense
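
To confirm the configuration after a test sign-on, the decoded SAML assertion can be compared against the values entered above. The following is an added example, not part of the original article or of either vendor's tooling: the function name check_assertion, the sample assertion and all URLs and addresses are constructed placeholders, and comparing the email as an exact string is an assumption of this example.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample assertion; URLs and address are placeholders.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:SubjectConfirmation>
    <saml:SubjectConfirmationData Recipient="https://psc.example.invalid/recipient"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://psc.example.invalid/audience</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="mail">
      <saml:AttributeValue>analyst@example.invalid</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def check_assertion(xml_text, audience, recipient, console_email):
    """Return a list of mismatches between an assertion and the PSC settings.

    Configuration check only: it does not validate the XML signature.
    """
    root = ET.fromstring(xml_text)
    problems = []

    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if audience not in audiences:
        problems.append(f"Audience mismatch: assertion has {audiences}")

    recipients = [d.get("Recipient")
                  for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if recipient not in recipients:
        problems.append(f"Recipient mismatch: assertion has {recipients}")

    mails = [v.text.strip() for v in root.iterfind(
        ".//saml:Attribute[@Name='mail']/saml:AttributeValue", NS) if v.text]
    if not mails:
        problems.append("mail attribute missing: check the parameter's "
                        "'Include in SAML assertion' flag")
    elif console_email not in mails:
        hint = " (differs only by case)" if console_email.lower() in map(str.lower, mails) else ""
        problems.append(f"mail mismatch: assertion has {mails}{hint}")
    return problems
```

An empty list means the Audience, Recipient and mail values in the assertion agree with what was entered in steps 7, 8 and 13 and with the user's console email.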