Updating Your IdP Settings for the Broadcom Transition to AuthHub

Article ID: 386184

Updated On: 02-14-2025

Products

Licensing - Symantec Products Symantec Support Portal & Access Issues

Issue/Introduction

To support the Broadcom transition to AuthHub (January 21st through April 28th, 2025) for federated customers, Symantec has prepared an IdP update tool. To use this tool, please follow the steps below.

Resolution

During the transition period (January 21st - April 28th), customers who are federated (redirected to their organization’s IdP for authentication) will automatically pass through the new AuthHub-based access.broadcom.com and fall back to the legacy login.broadcom.com. Therefore, customers have a three-month timeframe to schedule the minor configuration changes required.

To avoid disruption after April 28th, you must reconfigure the federation settings. Changes must be coordinated in both the customer IdP and the AuthHub.

To assist with this process, Symantec has developed a tool described below. Complete the following steps for each federated email domain before April 28th, 2025. 

  1. On January 21st or 22nd, all Symantec administrators with permission to modify IdP federations will receive an email with the subject line 'Required Changes to Symantec/Carbon Black Cloud Product IdP Federation,' similar to the one shown below.




  2. Note the email domain listed in the first paragraph of the email.  Federation reconfiguration is required for each individual email domain.
  3. Using an incognito/private browser, open the Broadcom IdP Update page described in the email.
  4. The URL will trigger a new authentication using the legacy login.broadcom.com for a federated email domain.

    Note:  You must authenticate with the correct email domain in order to load the proper configuration values.

  5. Following authentication, you will be presented with a page similar to the following with details specific to the IdP involved in the authentication.

     

  6. Confirm you are referencing the correct email domain in the first field.
  7. Some IdPs (such as Microsoft’s AzureAD/Entra) allow adding URLs to an existing configured app.  If your IdP supports add actions, copy and paste the ACS (also called Reply URL) and Audience (also called Entity ID) URLs into the appropriate IdP settings.

    After this step is complete (e.g. adding the URLs), proceed to the Verification Step of these instructions.

  8. Other IdPs (such as Auth0) require a new app to be created in the IdP related to access.broadcom.com.  For these IdPs, download the “SAML Metadata” file provided and import it to the IdP as you would a new federation.  Then, use the 'Optional Upload IdP Metadata' function to transfer the IdP's details into Broadcom's AuthHub instance.

    Once these tasks are complete (e.g. creating a new federation in both systems), proceed to the Verification Step.

  9. Verification Step: Using a new Incognito/private browser window, open the Validation / Activation URL.  You will be prompted to authenticate via the newly set up federation.
  10. After successfully authenticating with the new federation configuration, a dialog with validation data will be displayed.



  11. Confirm the values shown are expected for the authenticated user.  These values are extracted from the SAML assertion based on the attribute mapping in the IdP metadata file. 
  12. If the values are correct and the organization is ready to complete the federation switch, click the Activate IdP button.
  13. When the switch is complete, the original transition window will be re-displayed with a success banner.



  14. Once this message displays, the associated email domain is fully transitioned to Broadcom’s AuthHub on access.broadcom.com.
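
The following check is an added example, not part of Broadcom's tool or this article: before importing the “SAML Metadata” file from step 8 (or pasting the ACS and Audience values from step 7), it reads the Entity ID and ACS URLs out of the metadata and flags any ACS that is not HTTPS or not on the expected host. The sample metadata, its placeholder URL paths, the function names, and the assumption that the ACS is served from access.broadcom.com are illustrative; compare against the values shown on your own IdP Update page.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
EXPECTED_HOST = "access.broadcom.com"  # assumption: ACS lives on the AuthHub host

# Constructed sample; the entityID and ACS paths are placeholders, not real values.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://access.broadcom.com/placeholder/entity">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://access.broadcom.com/placeholder/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def read_sp_metadata(xml_text):
    """Return (entity_id, [acs_urls]) from SAML SP metadata."""
    # Metadata needs no DTD; refuse one rather than let the parser expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not allowed in metadata")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    acs = [e.get("Location", "") for e in root.iter(f"{{{MD}}}AssertionConsumerService")
           if e.get("Binding") == POST_BINDING]
    return root.get("entityID", ""), acs


def check_sp_metadata(xml_text, expected_host=EXPECTED_HOST):
    """Return a list of problems; an empty list means the values look sane."""
    entity_id, acs_urls = read_sp_metadata(xml_text)
    problems = []
    if not entity_id:
        problems.append("missing entityID (Audience)")
    if not acs_urls:
        problems.append("no HTTP-POST AssertionConsumerService (ACS) found")
    for url in acs_urls:
        parts = urlsplit(url)
        if parts.scheme != "https":
            problems.append(f"ACS is not https: {url}")
        if parts.hostname != expected_host:
            problems.append(f"ACS host is not {expected_host}: {url}")
    return problems
```

Call `check_sp_metadata()` on the text of the downloaded file; the Entity ID and ACS values it returns from `read_sp_metadata()` are the ones that should end up in the IdP's Audience and Reply URL fields.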

Additional Information

For more information regarding the authentication technology transition, see "Upcoming Changes to Broadcom Login Portal for Symantec Products".