CASB login deprecation date announced for all non Broadcom logins
search cancel

CASB login deprecation date announced for all non Broadcom logins

book

Article ID: 367448

calendar_today

Updated On:

Products

CASB Advanced Threat Protection CASB Audit CASB Gateway CASB Gateway Advanced CASB Security Advanced CASB Security Advanced IAAS CASB Security Premium CASB Security Premium IAAS CASB Security Standard CASB Securlet IAAS CASB Securlet SAAS CASB Securlet SAAS With DLP-CDS

Issue/Introduction

Broadcom will deprecate both the traditional CASB login and the Elastica SSO login when CloudSOC 3.180 is released: 

EU (June 03, 2025)
US (June 05, 2025)

CloudSOC will only support the Broadcom login.

Prior to CASB 3.180 there were 3 login types.

  • Broadcom Login: Auth credentials user \ password are stored in a Broadcom IDP used for all Broadcom cloud products.
    • *** Broadcom Login can be federated into a customer's IDP for user validation. SP (Service Provider login only.)
  • Traditional CASB login: Auth credentials user \ password stored in CASB.
    • CASB 2FA: 2nd factor (email) login available for traditional CASB logins.
  • Elastica Single Sign On: Auth provided by the customer's IDP.

Resolution

The Broadcom login will be the only supported method for authentication to CloudSOC \ CASB.  This is the same method already used by other Broadcom cloud applications such as ICDm, CWA, CWP, CMP Cloud SWG...  

*** NOTE

On January 21 2025 the Broadcom login moved to a new IDP vendor (AuthHub). The first login attempt will appear as a locked account. Unlocking the account will add the user to AuthHub automatically. See KB 372941

The Broadcom 2FA (email as 2nd factor) authentication that was only available for the traditional CASB login is not available for the Broadcom login. (It was not available for the Elastica SSO login.)

The Broadcom login is an important requirement for the upcoming multi tenant switching feature.

The Broadcom login can be federated using the customer's IDP in order to validate the user.  An IDP initiated login from the customer's IDP is not supported. The following Techdocs offers selfservice to federate the login Account Self Service Provider page TechDoc

 

Immediate Actions:

Verify CloudSOC SysAdmin \ Admins can perform a Broadcom login for from the CloudSOC\CASB login pages  EU Region US Region

 

If a federated login is desired, see TechDoc for step on federating with your IDP.

Federating the Broadcom login can be performed now even while the Elastica SSO is in production. After validation testing we recommend disabling the Elastica SSO.

Additional Information

FAQ:

Q: What if I don't have a Broadcom login?

A: The CloudSOC login attempt will create a Broadcom user. A welcome email will be sent to confirm the account and set a password. If you have a Broadcom user but do not know the password use the forgot password link.  

 

Q: Do I have to federate the Broadcom login?

A: No. The federated login gives you one less password to manage since your IDP will perform the validation.

  

Q: Do I have to federate the Broadcom login for each Broadcom cloud product?

A: No. The federated Broadcom login for an email domain will apply to all Broadcom Cloud products using the Broadcom login.

 

Q: How do I federate the Broadcom login?

A:  TechDoc

 

Q: Do you have a high level example of how to federate the Broadcom login?

A: KB 270310 provides a simple federation with Azure SSO. Consult your IDP vendor for greater detail.

 

Q: Will federating the Broadcom login break the other login methods for CASB?

A: No. All login methods will work until 3.180 June 3rd for the EU and June 8th for the US.

 

Q: If the Broadcom login has already been federated do I need to do anything for CASB?

A: No. The Federation will apply to all Broadcom Cloud products using the Broadcom login.

Powered by Wolken Software