The following instructions help the Identity Provider administrator set up single sign-on (SSO) for Nebula with Microsoft AD FS. Nebula supports only the SAML 2.0 authentication protocol.
- The email address used for the Nebula account must match the email address used for AD FS.
- Administrator access to Nebula.
- Server Manager Administrators access, or equivalent, on the local computer.
- Ensure your environment meets the minimum operating system and external access requirements.
- Ensure that the time set on the AD FS server is not set to a future time.
Add new relying party trust to AD FS configuration database
- In Server Manager, select Tools > AD FS Management > Actions > click the Start button.
- Log in to Nebula and go to Configure > Single Sign-on. Download the Nebula Service Provider Metadata.
- Back in AD FS, select Import data about the relying party from a file > Browse... to locate and add the Nebula metadata.xml file > click Next.
- Create a display name for the application that your users can easily identify. For example, Nebula. Click Next when satisfied.
- Select I do not want to configure multi-factor authentication settings for this relying party trust at this time > click Next.
- Select Permit all users to access this relying party > click Next.
- Select Open the Edit Claim Rules dialog for this relying party trust when the wizard closes > click Close.
- Select Add Rule... in the new dialog screen.
- Select Send LDAP Attributes as Claims from the drop down menu > click Next.
- Create a Claim rule name > configure the following LDAP attributes:
  - E-Mail Addresses to Outgoing Claim Type: email
  - E-Mail Addresses to Outgoing Claim Type: nameid
- Download the FederationMetadata.xml from: https://YourADFSServer/federationmetadata/2007-06/federationmetadata.xml
NOTE: Replace YourADFSServer with your AD FS server information.
- In the Nebula platform, upload the FederationMetadata.xml into cloud.malwarebytes.com by dragging the file into the area, or selecting the file path.
- Toggle Enable Single Sign-On (SSO) to ON > click SAVE to complete the integration process.