Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products

How to Configure Single Sign On Through Azure Active Directory with VMware Carbon Black Cloud

Summary: This article walks through the configuration steps that are required to enable Single sign on (SSO) to the VMware Carbon Black Cloud through Security Assertion Markup Language (SAML) integration with Azure Active Directory (AAD). ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Instructions

Affected Products:

  • VMware Carbon Black Cloud

SSO can be enabled within the Carbon Black Cloud console to allow administrators to sign on through existing Azure AD configurations.

VMware Carbon Black Cloud leverages a service provider (SP) initiated login for SSO. Before starting SSO configuration, ensure that you have access to Azure as an Application Administrator, and VMware Carbon Black Cloud as a System Administrator or an administrator with permissions to modify the SAML configuration.

  1. In a web browser, go to the appropriate login page for your region and login with your administrator account.
    Note: The regional login pages are as follows.
  2. Expand Settings.
    Settings
  3. Select Users.
    Users
  4. Select Enabled under SAML Config to collect the information needed for SSO from your Carbon Black Environment.
  5. Copy the green highlighted pieces of information as they are required during the Azure configuration.
    • The orange highlighted pieces of information are required from Azure and are collected in the Azure section below.
      Note:
      • This information varies depending on the Carbon Black instance to which an environment is registered.
      • No changes are made to the environment until the Single sign-on URL (HTTP-redirect binding) and the X509 certificate are populated and saved.

      SAML Config
  1. Log in to your Azure portal at https://portal.azure.com This hyperlink is taking you to a website outside of Dell Technologies. using an account that has Application Administrator or higher privileges.
  2. Go to Enterprise applications by searching within the top bar.
    Enterprise applications
  3. On the Enterprise Applications screen click All applications from the left Manage menu, then click the New Application option.
    All applications
  4. Select the Create your own application option.
    Browse Azure AD Gallery
  5. In the Create your own application pane provide a name for the application, select the Integrate any other application that you don't find in the gallery (Non-gallery) radio button, then click Create.
    Create your own application
    Note: This may take several moments to create.
  6. From the application you created, select Single sign-on from the left Manage menu.
    Single sign-on
  7. Within the Select a single sign-on method pane, choose SAML as the single sign-on method.
    Select a single sign-on method
  8. Click the Edit icon in the upper right of the Basic SAML Configuration section.
    Basic SAML Configuration
  9. Paste the Audience URL from the VMware Carbon Black Cloud console into the Identifier (Entity ID) field and set it as default.
    Audience
  10. Paste the ACS (Consumer) URL from the VMware Carbon Black Cloud console into the Reply URL (Assertion Consumer Service URL) field and set it as default.
    ACS (Consumer) URL
  11. Click the Save icon in the upper left of the Basic SAML Configuration pane.
    Save
  12. Click the Edit icon in the upper right of the User Attributes & Claims section.
    User Attributes & Claims
  13. Click the three dots for the Additional Claims of user.surname, user.userprincipalname, user.givenname and delete those options. This leaves user.mail as the only claim in the Additional Claims section.
    Required claim
    Required claim
  14. Click Unique User Identifier in the Required Claim section to modify the claim.
  15. Modify the Source Attribute from user.userprincipalname to user.mail.
    Attribute
  16. Expand Choose name identifier format.
    Name identifier format
  17. Modify the Name identifier format to Default.
    Default
  18. Click the Save icon in the upper left.
  19. Select the Claim name under the Additional Claims heading.
    Claim name
  20. Modify the Name to mail.
    Note:
    • Not setting the Name results in INVALID_ASSERTION failures.
    • Ensure that the Namespace is cleared. Any entries in this field results in INVALID_ASSERTION failures.

    Mail
  21. Save the changes, then close the User Attributes & Claims pane.
  22. In the SAML Signing Certificate section, click Download next to the Certificate (Base64) option and save the certificate file. This is used when configuring the Carbon Black Cloud console.
    SAML Signing Certificate
  23. Copy the Login URL from the Set up <Application Name> section. This is used when configuring the Carbon Black Cloud console.
    Set up application name
  24. Users must be added to the application to allow them to log in. Select Users and groups from the left Manage menu.
    Users and groups
  25. Select the Add user/group option.
    add user/group
  26. Click None Selected to add a user.
    None selected
  27. Assign the appropriate users and groups then click Select.
    Note: Any users who are assigned must be added to and have an appropriate role set in the VMware Carbon Black Cloud console manually. For more information about roles, reference How to Add VMware Carbon Black Cloud Administrators.

    Select
  28. Once the users that have been added, click Assign at the bottom left.
    1 user selected
    Assign

Have the SAML Signing Certificate and the Login URL available from the steps within the Azure Configuration section.

  1. In a web browser, go to the appropriate login page for your region and login with your administrator account.
    Note: The regional login pages are as follows.
  2. Expand Settings.
    Settings
  3. Select Users.
    USers
  4. Select Enabled under SAML Config to update the SAML configuration for SSO.
  5. Paste the Login URL from the Azure Configuration section into the Single sign-on URL (HTTP-redirect binding) field.
    SAML Config
  6. Right-click the SAML Signing Certificate that you previously downloaded from Azure and select Open with….
    Right-click the SAML Signing Certificate
  7. Choose Notepad, or your preferred text editor, from the list to open the .cer file.
    Notepad
  8. Copy the content of the Certificate file and paste it in the X509 certificate field.
    Copy
    Paste
    Note: This field automatically truncates line-returns, and the header and footer text.

    Save
    Save
  9. Click Save. A message appears at the top of the screen confirming that the SAML configuration was updated.
    SAML configuration updated
  1. In a web browser, go to the appropriate login page for your region and select the Sign in via SSO option.
    Note: The regional login pages are as follows.

    Carbon Black Cloud
  2. Enter the email address of a user that was assigned to the Azure application then select Sign In.
    Sign in with SSO
  3. Sign into Azure then accept the End User Agreement to proceed into the Carbon Black Cloud console (if this has not already been accepted for this user account).
    End User Agreement
    The VMware Carbon Black Cloud loads as expected.
    VMware Carbon Black Cloud

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Affected Products

VMware Carbon Black
Article Properties
Article Number: 000193536
Article Type: How To
Last Modified: 04 Nov 2024
Version:  6
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.