Carbon Black Cloud Audit and Remediation, Carbon Black Cloud Audit and Remediation (formerly Cb Live Ops), Carbon Black Cloud Container, Carbon Black Cloud Endpoint Standard, Carbon Black Cloud Endpoint Standard (formerly Cb Defense), Carbon Black Cloud Enterprise EDR, Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter), Carbon Black Cloud Managed Detection (formerly Cb Threatsight), Carbon Black Cloud Managed Detection and Response, Carbon Black Cloud Managed Threat Hunting, Carbon Black Cloud Prevention, Carbon Black Cloud Workload
Issue/Introduction
Steps needed to complete the Carbon Black Cloud AuthHub migration for customers using PingIdentity.
Environment
- Carbon Black Cloud
- PingIdentity
Resolution
Create a new Application in PingIdentity. **Do not re-use the old one** - it will be needed should the migration need to be reverted.
Within PingIdentity, navigate to Applications and click the plus sign to create a new application.
Give the application a name and select "SAML Application" as the Application Type, then click "Configure".
Under "Provide Application Metadata", select "Manually Enter", then set "ACS URLs" to https://access.broadcom.com/default/saml/v1/sp/acs and "Entity ID" to https://access.broadcom.com/default/idp/ for now, then click Save. You will need to come back and modify the "Entity ID" in step 6 once you get the final value from the Carbon Black migration wizard.
Click on the created application on the Applications page, and under Overview copy the "Single Signon Service" and "Issuer ID" URLs, then click on "Download Signing Certificate" > "X509 PEM (.crt)".
Click on the "Attribute Mappings" tab.
Add the attributes as shown in the screenshot below.
Complete the "Configure Authhub" page within the Cloud AuthHub migration wizard
- First name attribute - From Step 5. (Email)
- Last name attribute - From Step 5. (FirstName)
- Email attribute - From Step 5. (LastName)
- Entity ID or Issue ID - This is the "Issuer ID" copied in Step 3
  - Starts with "https://auth.pingone."
- Single sign-on URL (HTTP-redirect binding) - This is the "Single Signon Service" from Step 3
  - Starts with "https://auth.pingone"
- x509 certificate: Open the X509 PEM (.crt) file downloaded in Step 3, copy the value between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----", and paste it in this input field.
Next, go back to the PingIdentity page, open the window shown in Step 3, and click on the protocol SAML to set the "Entity ID" to the "Entity ID / Audience" shown in the migration wizard.
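A pre-flight check for the values copied from PingIdentity before they are pasted into the migration wizard, as an added example that is not part of the original article or of any Broadcom or Ping tooling. It extracts the text between the certificate markers, confirms the body decodes to a complete DER object (a truncated copy fails here), and checks the two URLs for the "https://auth.pingone" prefix the article mentions. The function names, the sample data, and collapsing the certificate body onto one line are assumptions.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
PINGONE_PREFIX = "https://auth.pingone"  # prefix stated in the article

def der_claimed_length(der):
    """Total object length according to the outer DER header."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE, so not an X.509 certificate")
    if der[1] < 0x80:                      # short form: one length byte
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        raise ValueError("malformed DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def wizard_cert_value(pem_text):
    """Return (single-line base64 to paste, SHA-256 fingerprint of the DER)."""
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no BEGIN/END CERTIFICATE markers found")
    body = "".join(match.group(1).split())          # drop line breaks
    der = base64.b64decode(body, validate=True)     # rejects stray characters
    if der_claimed_length(der) != len(der):
        raise ValueError("certificate body is truncated or has extra data")
    return body, hashlib.sha256(der).hexdigest()

def check_idp_urls(issuer_id, sso_url):
    """List the copied IdP values that lack the expected PingOne prefix."""
    fields = (("Issuer ID", issuer_id), ("Single Signon Service", sso_url))
    return [name for name, value in fields
            if not value.strip().startswith(PINGONE_PREFIX)]

# Constructed stand-in for the downloaded .crt: a tiny DER SEQUENCE, not a
# real certificate, so the example runs offline.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              "MAYCAQECAQI=\n"
              "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    value, fingerprint = wizard_cert_value(SAMPLE_PEM)
    print("paste into wizard:", value)
    print("SHA-256 of DER:  ", fingerprint)
    # Constructed placeholder URLs, not real tenant values.
    print(check_idp_urls("https://auth.pingone.example/ENV-ID",
                         "https://sso.example.invalid/idp"))
```

Recording the SHA-256 fingerprint at migration time gives a reference value to compare against if the signing certificate is later rotated or the migration is reverted.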