
How to Configure Single Sign On Through Azure Active Directory with VMware Carbon Black Cloud

Summary: This article walks through the configuration steps that are required to enable Single sign on (SSO) to the VMware Carbon Black Cloud through Security Assertion Markup Language (SAML) integration with Azure Active Directory (AAD). ...


Instructions

Affected Products:

  • VMware Carbon Black Cloud

SSO can be enabled within the Carbon Black Cloud console to allow administrators to sign on through existing Azure AD configurations.

VMware Carbon Black Cloud leverages a service provider (SP) initiated login for SSO. Before starting SSO configuration, ensure that you have access to Azure as an Application Administrator, and VMware Carbon Black Cloud as a System Administrator or an administrator with permissions to modify the SAML configuration.

  1. In a web browser, go to the appropriate login page for your region and log in with your administrator account.
Note: The regional login pages are as follows.
  1. Expand Settings.

Settings
Figure 1: (English Only) Expand Settings

  1. Select Users.

Users
Figure 2: (English Only) Select Users

  1. Select Enabled under SAML Config to collect the information needed for SSO from your Carbon Black Environment.
  2. Copy the green highlighted pieces of information as they are required during the Azure configuration.
    • The orange highlighted pieces of information are required from Azure and are collected in the Azure section below.
Note:
  • This information varies depending on the Carbon Black instance to which an environment is registered.
  • No changes are made to the environment until the Single sign-on URL (HTTP-redirect binding) and the X509 certificate are populated and saved.

SAML Config
Figure 3: (English Only) SAML Config

  1. Log in to your Azure portal at https://portal.azure.com using an account that has Application Administrator or higher privileges.
  2. Go to Enterprise applications by searching within the top bar.

Enterprise applications
Figure 4: (English Only) Go to Enterprise Applications

  1. On the Enterprise Applications screen click All applications from the left Manage menu, then click the New Application option.

All applications
Figure 5: (English Only) Click New application

  1. Select the Create your own application option.

Browse Azure AD Gallery
Figure 6: (English Only) Select Create your own application

  1. In the Create your own application pane provide a name for the application, select the Integrate any other application that you don't find in the gallery (Non-gallery) radio button, then click Create.

Create your own application
Figure 7: (English Only) Select Integrate any other application you don't find in the gallery (Non-gallery)

Note: This may take several moments to create.
  1. From the application you created, select Single sign-on from the left Manage menu.

Single sign-on
Figure 8: (English Only) Select Single sign-on

  1. Within the Select a single sign-on method pane, choose SAML as the single sign-on method.

Select a single sign-on method
Figure 9: (English Only) Select SAML

  1. Click the Edit icon in the upper right of the Basic SAML Configuration section.

Basic SAML Configuration
Figure 10: (English Only) Click Edit

  1. Paste the Audience URL from the VMware Carbon Black Cloud console into the Identifier (Entity ID) field and set it as default.

Audience
Figure 11: (English Only) Paste the Audience URL into Identifier (Entity ID) field

  1. Paste the ACS (Consumer) URL from the VMware Carbon Black Cloud console into the Reply URL (Assertion Consumer Service URL) field and set it as default.

ACS (Consumer) URL
Figure 12: (English Only) Paste the ACS (Consumer) URL into the Reply URL (Assertion Consumer Service URL)

  1. Click the Save icon in the upper left of the Basic SAML Configuration pane.

Save
Figure 13: (English Only) Click Save

  1. Click the Edit icon in the upper right of the User Attributes & Claims section.

User Attributes & Claims
Figure 14: (English Only) Click Edit

  1. Click the three dots for the Additional Claims of user.surname, user.userprincipalname, user.givenname and delete those options. This leaves user.mail as the only claim in the Additional Claims section.

Required claim
Figure 15: (English Only) Delete the Additional claims for user.surname, user.userprincipalname, and user.givenname

Required claim
Figure 16: (English Only) User Mail is left

  1. Click Unique User Identifier in the Required Claim section to modify the claim.
  2. Modify the Source Attribute from user.userprincipalname to user.mail.

Attribute
Figure 17: (English Only) Modify the Source Attribute from user.userprincipalname to user.mail

  1. Expand Choose name identifier format.

Name identifier format
Figure 18: (English Only) Expand Choose name identifier format

  1. Modify the Name identifier format to Default.

Default
Figure 18: (English Only) Modify the Name identifier format to Default

  1. Click the Save icon in the upper left.
  2. Select the Claim name under the Additional Claims heading.

Claim name
Figure 19: (English Only) Select Claim Name

  1. Modify the Name to mail.
Note:
  • Not setting the Name results in INVALID_ASSERTION failures.
  • Ensure that the Namespace is cleared. Any entry in this field results in INVALID_ASSERTION failures.

Mail
Figure 20: (English Only) Clear Namespace

  1. Save the changes, then close the User Attributes & Claims pane.
  2. In the SAML Signing Certificate section, click Download next to the Certificate (Base64) option and save the certificate file. This is used when configuring the Carbon Black Cloud console.

SAML Signing Certificate
Figure 21: (English Only) Save Certificate (Base64) file

  1. Copy the Login URL from the Set up <Application Name> section. This is used when configuring the Carbon Black Cloud console.

Set up application name
Figure 22: (English Only) Copy Login URL

  1. Users must be added to the application to allow them to log in. Select Users and groups from the left Manage menu.

Users and groups
Figure 23: (English Only) Select Users and groups

  1. Select the Add user/group option.

add user/group
Figure 24: (English Only) Select Add user/group

  1. Click None Selected to add a user.

None selected
Figure 25: (English Only) click None Selected

  1. Assign the appropriate users and groups then click Select.
Note: Any users who are assigned must be added to and have an appropriate role set in the VMware Carbon Black Cloud console manually. For more information about roles, reference How to Add VMware Carbon Black Cloud Administrators.

Select
Figure 26: (English Only) Click Select

  1. Once the users have been added, click Assign at the bottom left.

1 user selected
Figure 27: (English Only) Add Users

Assign
Figure 28: (English Only) Click Assign

Have the SAML Signing Certificate and the Login URL available from the steps within the Azure Configuration section.

  1. In a web browser, go to the appropriate login page for your region and log in with your administrator account.
Note: The regional login pages are as follows.
  1. Expand Settings.

Settings
Figure 29: (English Only) Expand Settings

  1. Select Users.

Users
Figure 30: (English Only) Select Users

  1. Select Enabled under SAML Config to update the SAML configuration for SSO.
  2. Paste the Login URL from the Azure Configuration section into the Single sign-on URL (HTTP-redirect binding) field.

SAML Config
Figure 31: (English Only) Paste the Login URL into Single sign-on URL (HTTP-redirect binding)

  1. Right-click the SAML Signing Certificate that you previously downloaded from Azure and select Open with….

Right-click the SAML Signing Certificate
Figure 32: (English Only) Select Open with...

  1. Choose Notepad, or your preferred text editor, from the list to open the .cer file.

Notepad
Figure 33: (English Only) Select Notepad

  1. Copy the content of the Certificate file and paste it in the X509 certificate field.

Copy
Figure 34: (English Only) Copy content of certificate file

 

Paste
Figure 35: (English Only) Paste into X509 certificate field

Note: This field automatically truncates line-returns, and the header and footer text.

Save
Figure 36: (English Only) Field automatically truncates line-returns

Save
Figure 37: (English Only) Click Save

  1. Click Save. A message appears at the top of the screen confirming that the SAML configuration was updated.

SAML configuration updated
Figure 38: (English Only) SAML configuration updated

  1. In a web browser, go to the appropriate login page for your region and select the Sign in via SSO option.
Note: The regional login pages are as follows.

Carbon Black Cloud
Figure 39: (English Only) Carbon Black Cloud Sign in

  1. Enter the email address of a user that was assigned to the Azure application then select Sign In.

Sign in with SSO
Figure 40: (English Only) Sign in with SSO

  1. Sign into Azure then accept the End User Agreement to proceed into the Carbon Black Cloud console (if this has not been already accepted for this user account).

End User Agreement
Figure 41: (English Only) Accept the End User Agreement

The VMware Carbon Black Cloud loads as expected.

VMware Carbon Black Cloud
Figure 42: (English Only) VMware Carbon Black Cloud dashboard
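
If a test sign-in fails with INVALID_ASSERTION, the claim settings from the Azure steps can be checked against a decoded SAML assertion: the Audience must equal the Identifier (Entity ID), the additional claim must be named exactly mail with no Namespace, and the Unique User Identifier must carry the user.mail value. The following Python check is an added example, not Dell or VMware code; the function name, the sample assertion, and the audience URL are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample assertion; every value is a placeholder.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>admin@example.com</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://cbc.example.invalid/audience</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="{attr_name}">
      <saml:AttributeValue>admin@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, expected_audience):
    """Return a list of findings; an empty list means the claims match the steps.

    Troubleshooting aid only: it does not verify the assertion signature and
    should be run only on assertions captured from your own test sign-in.
    """
    root = ET.fromstring(xml_text)
    findings = []

    # Identifier (Entity ID) in Azure must equal the Audience URL from the console.
    audiences = [(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)]
    if expected_audience not in audiences:
        findings.append("audience: does not match the Identifier (Entity ID)")

    name_id = (root.findtext(".//saml:NameID", "", NS) or "").strip()
    attrs = {a.get("Name", ""): (a.findtext("saml:AttributeValue", "", NS) or "").strip()
             for a in root.iterfind(".//saml:Attribute", NS)}

    if "mail" not in attrs:
        # A Namespace left in place yields a Name such as "<namespace>/mail".
        qualified = [n for n in attrs if n.endswith("/mail")]
        if qualified:
            findings.append("claim: Namespace not cleared on " + qualified[0])
        else:
            findings.append("claim: no attribute named exactly 'mail'")
    elif name_id.lower() != attrs["mail"].lower():
        findings.append("nameid: value differs from mail; source attribute should be user.mail")
    return findings
```

Call `check_assertion(decoded_xml, audience_url)` with the Audience URL copied from the SAML Config pane; each finding names the Azure setting to revisit.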


To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.
