Carbon Black AuthHub Migration for OneLogin



Article ID: 394768


Products

- Carbon Black Cloud Audit and Remediation
- Carbon Black Cloud Audit and Remediation (formerly Cb Live Ops)
- Carbon Black Cloud Container
- Carbon Black Cloud Endpoint Standard
- Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
- Carbon Black Cloud Enterprise EDR
- Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
- Carbon Black Cloud Managed Detection (formerly Cb Threatsight)
- Carbon Black Cloud Managed Detection and Response
- Carbon Black Cloud Managed Threat Hunting
- Carbon Black Cloud Prevention
- Carbon Black Cloud Workload

Issue/Introduction

Steps needed to complete the Carbon Black Cloud AuthHub migration for customers using OneLogin.

Environment

- Carbon Black Cloud  
- OneLogin

Resolution

  1. Create a new Application in OneLogin. **Do not re-use the old one** - it will be needed should the migration need to be reverted.
    1. Within OneLogin, navigate to Applications and click the "Add App" button on the top right, then type "SAML Custom Connector" in the search field.
       Click the "SAML Custom Connector" application, give it a name, then click Save.




       
    2. Click the newly created application and go to the "Configuration" tab.




  2. Set "Recipient" and "ACS (Consumer) URL" to https://access.broadcom.com/default/saml/v1/sp/acs and "Audience (EntityID)" to https://access.broadcom.com/default/idp/ for now, then click Save. You will need to come back to modify the "Entity ID" in step 6 once you get the final value from the Carbon Black migration wizard.






  3. Click the "SSO" tab and copy the "SAML 2.0 Endpoint (HTTP)" and "Issuer URL" URLs. Then click "View Details" for the X.509 Certificate and, in the window that opens, copy the X.509 Certificate to a text file. These values are used in later steps.






     
  4. Click the "Parameters" tab and add the attributes as shown below, making sure "Include in SAML assertion" is checked for each attribute.








     
  5. Complete the "Configure Authhub" page within the Cloud AuthHub migration wizard  




            - First name attribute
              - From Step 4. (Email)
            - Last name attribute
              - From Step 4. (FirstName)
            - Email attribute
              - From Step 4. (LastName)
            - Entity ID or Issue ID
              - This is the "Issuer URL" copied in Step 3
              - Starts with "https://app.onelogin.com/saml/metadata/"
            - Single sign-on URL (HTTP-redirect binding)
              - This is the "SAML 2.0 Endpoint (HTTP)" from Step 3
              - Starts with "https://<InstanceName>.onelogin.com/trust/saml2/http-post/sso/"
            - x509 certificate:
              - Open the X509 PEM (.crt) file downloaded in Step 3, copy the value between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----", and paste it into this input field.


  6. Next, go back to the OneLogin window shown in Step 2 and click the "Configuration" tab to set the Entity ID to the "Entity ID / Audience" value shown in the migration wizard.



    The Configuration tab







  7. Complete the rest of the migration wizard.
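
A pre-flight check for the values copied in Step 3, run before pasting them into the wizard in Step 5. This is an added example, not part of the original article or of any Broadcom or OneLogin tooling. The function names, the sample tenant name and the sample certificate bytes are constructed, and the check assumes `<InstanceName>` is a single DNS label.

```python
import base64
import binascii
import re

# Prefixes taken from Step 5 of this article.
ISSUER_PREFIX = "https://app.onelogin.com/saml/metadata/"
# Assumption: <InstanceName> is one DNS label (letters, digits, hyphens).
SSO_URL_RE = re.compile(
    r"^https://[A-Za-z0-9-]+\.onelogin\.com/trust/saml2/http-post/sso/\S+$")
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def cert_body(pem_text):
    """Return the base64 between the PEM markers as one line, or raise ValueError."""
    match = PEM_RE.search(pem_text)
    if not match:
        raise ValueError("BEGIN/END CERTIFICATE markers not found")
    body = "".join(match.group(1).split())  # drop line breaks and stray spaces
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate body is not valid base64: {exc}") from None
    if not der.startswith(b"\x30"):  # a DER certificate begins with a SEQUENCE tag
        raise ValueError("decoded data does not look like a DER certificate")
    return body


def preflight(issuer_url, sso_url, pem_text):
    """Return a list of problems; an empty list means the values match Step 5."""
    problems = []
    if not issuer_url.startswith(ISSUER_PREFIX):
        problems.append("Issuer URL does not start with " + ISSUER_PREFIX)
    if not SSO_URL_RE.match(sso_url):
        problems.append("SSO URL is not a OneLogin http-post SSO endpoint")
    try:
        cert_body(pem_text)
    except ValueError as exc:
        problems.append(str(exc))
    return problems


# Constructed sample values (not a real tenant or a real certificate).
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(preflight("https://app.onelogin.com/saml/metadata/00000000",
                    "https://example-corp.onelogin.com/trust/saml2/http-post/sso/00000000",
                    SAMPLE_PEM) or "all checks passed")
```

`cert_body` returns exactly the string that goes into the wizard's x509 certificate field, with the markers and line breaks removed.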