Troubleshooting SAML/SSO Login for Carbon Black Cloud

Article ID: 409111

Products

  • Carbon Black Cloud Endpoint Standard
  • Carbon Black Cloud Enterprise EDR

Issue/Introduction

Steps to work through for the most common Single Sign-On (SSO) setup and login issues.

Environment

  • Carbon Black Cloud Console: All Supported Versions

Resolution

  1. If the migration to AuthHub was not completed and login is being blocked, follow this document.
  2. If you are still migrating to AuthHub, make sure the ACS URL is https://access.broadcom.com/default/saml/v1/sp/acs, NOT the old URL https://defense-prod*.conferdeploy.net/login/saml/consume, as the old value will no longer function. If the old URL is configured, make sure the old app is disabled and deleted and that the users are assigned to the new app. See the Additional Information section below for guidance on new setup for different providers.
  3. IdP-initiated logins (logging in directly by clicking an SSO tile) will fail with "Permission Denied". A bookmark tile that takes the user to the console page to enter their email can be used instead.
  4. Confirm the SAML certificate is not expired.
  5. If login attempts are redirected to access.broadcom.com or back to the Carbon Black Cloud login screen, check these steps.
  6. If none of the above steps help, capture a .HAR file while reproducing the issue in an incognito window and provide the .HAR file to support.
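
The ACS URL check in step 2 and the IdP-initiated case in step 3 can be triaged from the .HAR capture of step 6 before it is sent to support. The following is an added example, not Broadcom's code: it decodes each SAMLResponse POST in a HAR and flags the retired ACS URL and unsolicited responses. The function names, the sample capture and the `defense-prodXX` host are constructed, and the IdP-initiated test assumes the SAML 2.0 convention that an unsolicited Response carries no InResponseTo attribute.

```python
import base64, fnmatch, json
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

NEW_ACS = "https://access.broadcom.com/default/saml/v1/sp/acs"          # from step 2
OLD_ACS = "https://defense-prod*.conferdeploy.net/login/saml/consume"   # from step 2
RESPONSE_TAG = "{urn:oasis:names:tc:SAML:2.0:protocol}Response"

def check_har(har):
    """Return one finding dict per SAMLResponse POST recorded in a HAR capture."""
    findings = []
    for entry in har["log"]["entries"]:
        req = entry["request"]
        form = parse_qs(req.get("postData", {}).get("text", ""))
        if req["method"] != "POST" or "SAMLResponse" not in form:
            continue
        xml = base64.b64decode(form["SAMLResponse"][0])
        if b"<!DOCTYPE" in xml:      # refuse DTDs so no entities are expanded
            continue
        root = ET.fromstring(xml)
        if root.tag != RESPONSE_TAG:
            continue
        issues = []
        # Both the browser's POST target and the IdP's Destination should be the new ACS URL.
        for label, url in (("POST target", req["url"]),
                           ("Destination", root.get("Destination"))):
            if url and fnmatch.fnmatchcase(url, OLD_ACS):
                issues.append(f"{label} is the retired ACS URL")
            elif url and url != NEW_ACS:
                issues.append(f"{label} is not the AuthHub ACS URL")
        # An unsolicited (IdP-initiated) Response has no InResponseTo attribute.
        if root.get("InResponseTo") is None:
            issues.append("IdP-initiated login")
        findings.append({"posted_to": req["url"], "issues": issues})
    return findings

def sample_har():
    """Constructed HAR: a stale SSO tile, then a correct SP-initiated login."""
    def entry(acs, in_response_to=""):
        xml = (f'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
               f'ID="_constructed" Version="2.0" Destination="{acs}"{in_response_to}/>')
        body = urlencode({"SAMLResponse": base64.b64encode(xml.encode()).decode()})
        return {"request": {"method": "POST", "url": acs, "postData": {"text": body}}}
    old = "https://defense-prodXX.conferdeploy.net/login/saml/consume"  # constructed host
    return {"log": {"entries": [entry(old), entry(NEW_ACS, ' InResponseTo="_req1"')]}}

if __name__ == "__main__":
    print(json.dumps(check_har(sample_har()), indent=2))
```

A HAR capture holds session cookies and the full SAML assertion, so run the check locally and handle the file as you would a credential.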

Additional Information