ADFS on-prem Setup for Carbon Black Cloud / Authhub
Article ID: 420764
Products
Carbon Black Cloud Endpoint Standard
Issue/Introduction
This document provides the steps needed to set up on-premises ADFS SAML 2.0 with Carbon Black Cloud.
For the time being this process requires the help of Support. In the future this will be available via self-service.
This article previously provided steps for customers to migrate to Authhub. Now that all customers have been migrated, this article is for initial SAML setup.
Environment
Carbon Black Cloud Console: Current Version
Microsoft Windows ADFS on-premises
Resolution
Open the ADFS Management Console
Open the Relying Party Trusts folder, set up a new entry for Carbon Black Cloud, and select Properties.
Under the Monitoring tab, if Monitor relying party is checked, uncheck the box so that the configuration can be modified.
Switch to the Identifiers tab.
Update the Display name field if required (the display name for the relying party trust), and remove the existing Relying party identifier.
Once removed, add the following identifier in the Relying party identifier field and select Add: https://access.broadcom.com/default
Select the Add SAML option and add the following endpoint: https://access.broadcom.com/default/saml/v1/sp/acs
Confirm the changes and click Apply.
Right-click the Relying Party Trust and select Edit Claim Issuance Policy.
Ensure that the email claim is set up as the following by selecting the rule and selecting Edit Rule:
If you are making use of an outgoing transformation rule, set it up as such:
Open the Federation Metadata file for the ADFS server, typically available from https://<server host name>/FederationMetadata/2007-06/FederationMetadata.xml, and share this .xml file with the Carbon Black Support team via the Wolken Support case.
Carbon Black Support will generate an Authhub.xml file containing the unique Audience URI; import this file into the ADFS Relying Party Trust to update it.
Validate the connection by attempting to sign in to the CB Cloud console from an incognito browser window.
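The same GUI steps expressed with the ADFS PowerShell module, as an added example that is not part of this article. The trust name, file paths, access control policy and claim-rule text are assumptions: the article's claim-rule screenshots are not on this page, so the rules shown are the conventional AD email claim plus an email-to-NameID transform.

```powershell
# Added example, not from the KB article: run in an elevated session on the ADFS server.
# Assumed values: trust name, file paths, access control policy, and the claim-rule text below.
Import-Module ADFS

$trustName = 'Carbon Black Cloud'          # assumed display name
$rpId      = 'https://access.broadcom.com/default'
$acsUrl    = 'https://access.broadcom.com/default/saml/v1/sp/acs'

# SAML assertion consumer endpoint (HTTP-POST binding) from the article.
$acs = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $acsUrl -Index 0

# Issuance transform rules (assumed content): read the user's mail attribute from AD as the
# email claim, then map it to the SAML NameID in emailAddress format (the "outgoing" rule).
$issuanceRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Email from AD"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";mail;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "Email to NameID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Create the trust with monitoring disabled so the identifier and endpoints stay editable.
# AccessControlPolicyName is assumed (ADFS 2016+); the article does not cover authorization.
Add-AdfsRelyingPartyTrust -Name $trustName -Identifier $rpId -SamlEndpoint $acs `
    -IssuanceTransformRules $issuanceRules -AccessControlPolicyName 'Permit everyone' `
    -MonitoringEnabled $false

# Export this server's federation metadata to hand to Carbon Black Support.
$adfsHost = (Get-AdfsProperties).HostName
Invoke-WebRequest -Uri "https://$adfsHost/FederationMetadata/2007-06/FederationMetadata.xml" `
    -OutFile 'C:\Temp\FederationMetadata.xml'   # assumed path

# Later, once Support returns Authhub.xml with the unique Audience URI, import it into the trust:
# Set-AdfsRelyingPartyTrust -TargetName $trustName -MetadataFile 'C:\Temp\Authhub.xml'   # assumed path

# Check: identifier, ACS endpoint and monitoring state should match the steps above.
Get-AdfsRelyingPartyTrust -Name $trustName | Select-Object Name, Identifier, MonitoringEnabled, SamlEndpoints
```

After the Authhub.xml import, re-run the final Get-AdfsRelyingPartyTrust check to confirm the Identifier now carries the Audience URI Support supplied before testing sign-in.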