Process When Using Both SAML and Active Directory Integration
Article ID: 290790

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

This document describes the login procedure for a new user when SAML and Active Directory integration are used together.

Environment

  • App Control Console: All Supported Versions
  • Microsoft Active Directory

Resolution

Before SAML integration can be used, a user account with an email address must already exist in the App Control console. The account can be created in any of these ways:
  • Set up the user manually under the Login Accounts menu
  • Log in with the Active Directory account first; that login syncs the email address from the account's AD attributes
  • Import a list of users using the API

Additional Information

  • If the user account doesn't already exist when you attempt a SAML login, the login will fail
  • If the email address in Active Directory differs from the email address sent in the SAML assertion, the login will fail
  • For example, the login will fail if the AD user email was "[email protected]" but the SAML email was "[email protected]"
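The following pre-flight check, an added example that is not code from this article or from Carbon Black, models the two conditions above (missing console account, AD email different from the SAML email) so an administrator can spot problem accounts before switching users to SAML. It assumes the IdP sends the address as the Subject NameID in emailAddress format or as an attribute named "email" or "mail", and that the console compares the two strings exactly, so a case-only difference is reported as a failure too; the account list and assertions are constructed sample data.

```python
"""Pre-flight check for App Control logins that use both SAML and AD.

Added example, not code from the Carbon Black KB article. Assumptions not
stated by the article: the IdP carries the address as the Subject NameID
(emailAddress format) or as an Attribute named "email"/"mail", and the
console compares addresses exactly, so case-only differences also fail.
"""
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
EMAIL_ATTRIBUTE_NAMES = ("email", "mail")

# Constructed sample: console accounts as synced from AD. The value is the AD
# "mail" attribute; None means the account exists but has no address.
CONSOLE_ACCOUNTS = {
    "jdoe": "jdoe@corp.example.com",
    "asmith": "Alice.Smith@corp.example.com",
    "bwong": None,
}


def sample_assertion(name_id, attr_email=None):
    """Build a minimal, unsigned, constructed SAML 2.0 assertion for testing."""
    attrs = ""
    if attr_email is not None:
        attrs = (
            "<saml:AttributeStatement>"
            '<saml:Attribute Name="email">'
            f"<saml:AttributeValue>{attr_email}</saml:AttributeValue>"
            "</saml:Attribute></saml:AttributeStatement>"
        )
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'ID="_example" Version="2.0">'
        "<saml:Subject>"
        f'<saml:NameID Format="{EMAIL_NAMEID_FORMAT}">{name_id}</saml:NameID>'
        "</saml:Subject>"
        f"{attrs}</saml:Assertion>"
    )


def extract_email(assertion_xml):
    """Return the email address the assertion carries, or None.

    An explicit email attribute wins over the NameID (assumption: that is what
    the IdP administrator deliberately mapped); NameID is the fallback.
    """
    root = ET.fromstring(assertion_xml)
    for attr in root.findall(".//saml:Attribute", SAML_NS):
        if attr.get("Name", "").lower() in EMAIL_ATTRIBUTE_NAMES:
            value = attr.find("saml:AttributeValue", SAML_NS)
            if value is not None and value.text:
                return value.text.strip()
    name_id = root.find("saml:Subject/saml:NameID", SAML_NS)
    if name_id is not None and name_id.get("Format") == EMAIL_NAMEID_FORMAT:
        return (name_id.text or "").strip() or None
    return None


def check_saml_login(login_name, assertion_xml, accounts=CONSOLE_ACCOUNTS):
    """Apply the article's rules: returns ("OK", email) or ("FAIL", reason)."""
    saml_email = extract_email(assertion_xml)
    if not saml_email:
        return ("FAIL", "assertion carries no email address")
    ad_email = accounts.get(login_name)
    if not ad_email:
        # Rule 1: the account with an email must exist before the SAML login.
        return ("FAIL", f"no console account with an email address for {login_name}; "
                        "create it manually, log in via AD once, or import via the API")
    if saml_email == ad_email:
        return ("OK", saml_email)
    # Rule 2: AD address and SAML address must be the same.
    if saml_email.lower() == ad_email.lower():
        return ("FAIL", f"case-only difference: AD '{ad_email}' vs SAML '{saml_email}'")
    return ("FAIL", f"email mismatch: AD '{ad_email}' vs SAML '{saml_email}'")


def find_mismatches(accounts, idp_emails):
    """Bulk pre-flight before enabling SAML: compare each synced AD address with
    the address the IdP will send (idp_emails: login name -> address).
    Returns (login_name, ad_email, idp_email) for every login that would fail."""
    problems = []
    for name, idp_email in idp_emails.items():
        ad_email = accounts.get(name)
        if ad_email is None or ad_email != idp_email:
            problems.append((name, ad_email, idp_email))
    return problems


if __name__ == "__main__":
    print(check_saml_login("jdoe", sample_assertion("jdoe@corp.example.com")))
    print(check_saml_login("asmith", sample_assertion("alice.smith@corp.example.com")))
    print(check_saml_login("bwong", sample_assertion("bwong@corp.example.com")))
    print(find_mismatches(CONSOLE_ACCOUNTS, {
        "jdoe": "jdoe@corp.example.com",
        "asmith": "alice.smith@corp.example.com",
        "newhire": "newhire@corp.example.com",
    }))
```

In practice, replace CONSOLE_ACCOUNTS with an export of the AD mail attribute for the users who will log in (for example from Get-ADUser with the mail property) and feed find_mismatches the addresses your IdP is configured to send; every entry it returns is an account that needs to be created, given an email address, or corrected on one side before that user tries a SAML login.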