How to access federated Carbon Black Cloud instance if customer's IdP is failing.


Article ID: 398668


Products

Carbon Black Cloud Endpoint Standard
Carbon Black Cloud Audit and Remediation
Carbon Black Cloud Audit and Remediation (formerly Cb Live Ops)
Carbon Black Cloud Container
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Carbon Black Cloud Managed Detection (formerly Cb Threatsight)
Carbon Black Cloud Managed Detection and Response
Carbon Black Cloud Managed Threat Hunting
Carbon Black Cloud Prevention
Carbon Black Cloud Workload

Issue/Introduction

If the customer's IdP (the one used to access Carbon Black Cloud) has a prolonged outage, access to the Carbon Black Cloud console will be hindered.

This article explains the steps to access the Carbon Black Cloud console using local authentication as a temporary backup login method.

Environment

Carbon Black Cloud Console: any version.

Cause

The customer's IdP is broken, and there is a need to access the Carbon Black Cloud dashboard using email and password, bypassing the SSO redirection.

Resolution

The simplest way to access CBC with credentials is to bypass the redirection to the configured IdP using this URL: https://accounts.saas.broadcomcloud.com/oidc/authorize?admin_flow=1

The user who will authenticate must already have a password configured for their account in order to authenticate at the AuthHub console, which opens when you click the URL above.

The first administrator, with whom the CBC account was created, should have credentials to authenticate on the AuthHub side.

Once authentication at AuthHub is successful, open the CBC console in a new page, enter the same email address and click the login button. It should redirect to AuthHub, then back to CBC.

In some corner cases, when the Carbon Black Cloud account doesn't have any users with local credentials, Broadcom support can convert some users to local without disabling or deactivating SAML, and those local users can use the link above to bypass the SAML flow.

If any user under the customer's site ID opens a ticket with support and requests either deactivation of the SAML configuration (while you fix your IdP) or conversion of a few users to local login while keeping the domain federated, support will request the following details:

  1. The CBC org ID.
  2. The CBC URL used by you to open CBC Console.
  3. The domain used for the SAML process that you want to deactivate, OR the users you want to convert to local (non-federated).

Once the above is provided, support will disable SAML for that domain and open an internal ticket with the relevant engineering team to convert all the requested federated users to credential-based users. Users who never had credentials to authenticate to AuthHub will receive emails to set up that password.

Users who previously set up credentials to access AuthHub will be able to log in to CBC after authenticating with those credentials on the AuthHub side.

Follow the steps below to bypass SSO for CBC login:

  1. Open your browser of choice in incognito mode (private mode).
  2. Open this URL in the first tab: https://accounts.saas.broadcomcloud.com/oidc/authorize?admin_flow=1
  3. It will ask you to authenticate. Provide your login email address and password to log in.
    Note: The user email should have local login credentials pre-configured before the IdP integration.
    If the user was added after the IdP integration, this bypass procedure will not be available to that user.
  4. You will land on the page https://accounts.security.com/cc/welcome or https://accounts.security.com/cc/noAccount in case you have only a Carbon Black Cloud account.
  5. Open a second tab and go to your Carbon Black Cloud URL.
  6. Enter the same email address you used in the first tab in step 3.
  7. You will be redirected to the AuthHub page, where you already authenticated in the first tab, and it will redirect you back to the landing page of your Carbon Black Cloud dashboard.
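
Because the URL in step 2 lets a user sign in with a local password instead of going through the IdP, it is worth knowing when it is requested. The following is an added example, not part of the original article or any Broadcom tooling: it flags requests for that URL in web proxy logs, assuming a constructed log format of `<timestamp> <user> <url>` and a proxy that records full HTTPS URLs.

```python
from urllib.parse import urlsplit, parse_qs

# Values taken from the article's bypass URL.
BYPASS_HOST = "accounts.saas.broadcomcloud.com"
BYPASS_PATH = "/oidc/authorize"
BYPASS_PARAM = ("admin_flow", "1")

def is_local_login_bypass(url: str) -> bool:
    """True only for the AuthHub URL that skips the IdP redirect."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    # Exact host match: rejects look-alikes such as <host>.example.net.
    if (parts.hostname or "").lower() != BYPASS_HOST:
        return False
    if parts.path.rstrip("/") != BYPASS_PATH:
        return False
    # Parameter order and extra parameters do not matter.
    query = parse_qs(parts.query)
    return BYPASS_PARAM[1] in query.get(BYPASS_PARAM[0], [])

def find_bypass_logins(log_lines):
    """Return (timestamp, user) for each log line that requests the bypass URL.

    Assumed (constructed) log format: '<timestamp> <user> <url>'.
    """
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines rather than guessing
        timestamp, user, url = fields
        if is_local_login_bypass(url):
            hits.append((timestamp, user))
    return hits

# Constructed sample proxy log lines (not real data).
SAMPLE_LOG = [
    "2024-01-01T09:00:00Z alice@example.com https://accounts.saas.broadcomcloud.com/oidc/authorize?admin_flow=1",
    "2024-01-01T09:05:00Z bob@example.com https://accounts.saas.broadcomcloud.com/oidc/authorize?client_id=x",
    "2024-01-01T09:06:00Z carol@example.com https://accounts.saas.broadcomcloud.com.example.net/oidc/authorize?admin_flow=1",
    "2024-01-01T09:07:00Z dave@example.com https://accounts.saas.broadcomcloud.com/oidc/authorize?state=abc&admin_flow=1",
]

if __name__ == "__main__":
    for ts, user in find_bypass_logins(SAMPLE_LOG):
        print(f"{ts} local-login bypass requested by {user}")
```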