Carbon Black AuthHub Migration for Microsoft Azure IDP

Article ID: 389598

Updated On: 04-22-2025

Products

  • Carbon Black Cloud Audit and Remediation (formerly Cb Live Ops)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Managed Detection and Response
  • Carbon Black Cloud Managed Detection (formerly Cb Threatsight)
  • Carbon Black Cloud Managed Threat Hunting
  • Carbon Black Cloud Prevention
  • Carbon Black Cloud Workload

Issue/Introduction

Steps needed to complete the Carbon Black Cloud AuthHub migration for customers using Microsoft Azure IDP. 

Environment

  • Carbon Black Cloud
  • Microsoft Azure

Resolution

  1. Create a new Enterprise Application in Azure. Do not reuse the old one; it will be needed should the migration need to be reverted.
    1. Within Microsoft Azure, navigate to Entra ID > Enterprise Applications and click "New Application".


    2. Click "Create your own application" and select "Integrate any other application you don't find in the gallery (non-gallery)".


    3. Select the newly created enterprise application and select "Users and Groups". Configure the desired users and groups for access.
    4. Click "Single sign-on" > SAML


  2. Under "Basic SAML Configuration" set the "Identifier" and "Reply URL" to https://access.broadcom.com/default/saml/v1/sp/acs for now. You will need to come back to modify the "Identifier" in step 7 once you get the final value from the Carbon Black migration wizard.
  3. Click "Edit" under the Attributes & Claims section.



  4. Copy the full claim name for the First name attribute, Last name attribute, and Email attribute.


  5. Next, copy the "Microsoft Entra Identifier" and "Login URL".
  6. Complete the "Configure Authhub" page within the Cloud AuthHub migration wizard:
    • First name attribute
      • From Step 4
    • Last name attribute
      • From Step 4
    • Email attribute
      • From Step 4
    • Entity ID or Issue URL / Issue Unique Identifier
      • This is the "Microsoft Entra Identifier" shown in Step 5
      • Starts with "https://sts.windows.net"
    • Single sign-on URL (HTTP-redirect binding)
      • This is the "Login URL" from Step 5
      • Starts with "https://login.microsoftonline.com"
    • x509 certificate
  7. Next, back in Azure under "Basic SAML Configuration" set the Identifier (Entity ID) to the "Entity ID / Audience" shown in the migration wizard. Confirm the Reply URL (Assertion Consumer Service URL) is set to the "Assertion Consumer Service URL / Recipient" shown in the wizard as well.

    NOTE: These should not be the same value.




  8. Complete the rest of the migration wizard.
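
A pre-flight check of the values entered in steps 6 and 7, as an added example that is not part of the original article. It assumes the IdP values are read from the Azure application's SAML federation metadata XML; the sample metadata is constructed (placeholder tenant ID and certificate) and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample metadata: placeholder tenant ID and certificate body.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDERCERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def idp_values(metadata_xml):
    # Pull the three IdP-side wizard fields from step 6 out of the metadata.
    root = ET.fromstring(metadata_xml)
    sso = [s.get("Location") for s in root.iterfind(".//md:SingleSignOnService", NS)
           if s.get("Binding") == REDIRECT]
    cert = root.find(".//md:IDPSSODescriptor/md:KeyDescriptor//ds:X509Certificate", NS)
    return {"entity_id": root.get("entityID"),
            "sso_url": sso[0] if sso else None,
            "x509": cert.text.strip() if cert is not None and cert.text else None}

def host_is(url, host):
    # Compare the parsed hostname: a bare prefix test accepts look-alike hosts.
    p = urlparse(url or "")
    return p.scheme == "https" and p.hostname == host

def check(idp, sp_entity_id, sp_acs_url):
    problems = []
    if not host_is(idp["entity_id"], "sts.windows.net"):
        problems.append("Entity ID is not the Microsoft Entra Identifier")
    if not host_is(idp["sso_url"], "login.microsoftonline.com"):
        problems.append("Single sign-on URL is not the Login URL")
    if not idp["x509"]:
        problems.append("no signing certificate found")
    if sp_entity_id == sp_acs_url:  # the NOTE in step 7
        problems.append("Identifier and Reply URL must not be the same value")
    return problems
```

Pass the "Entity ID / Audience" and "Assertion Consumer Service URL / Recipient" values shown in the migration wizard as the second and third arguments to `check`; an empty list means the values are consistent with steps 6 and 7.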
