If your organization uses a single sign-on provider, you may connect it to Malwarebytes Nebula. This article provides an overview of Malwarebytes single sign-on configuration and basic setup steps.
Go to Settings > Single Sign-On. Single-Sign On is turned off by default.
Enable Single Sign-On to allow the Malwarebytes console to control logins through your identity provider.
Link your single-sign on tool to Malwarebytes
For single sign-on to work, connect Malwarebytes Nebula to your provider.
- Use your single sign-on tool to generate an XML file. This file is used to integrate your tool with Malwarebytes Nebula. If you need assistance generating this file, contact your single sign-on provider.
- Drag the generated XML file onto the Upload New Metadata XML box. You may upload a new XML at any time to change single-sign on settings.
- Click SAVE.
Link Malwarebytes to your single-sign on tool
Now that Malwarebytes has your single-sign on tool XML data, you need to provide similar data from Malwarebytes to your single-sign on tool.
- Scroll down to Malwarebytes Service Provider Details.
- Click the link next to Service Provider Metadata.
- Your web browser downloads a metadata.xml file.
- Upload this file to your single sign-on tool.
If your single sign-on tool needs additional details, refer to the other on-screen items in this section.
Enable the Service Provider Initiated SSO setting to have Malwarebytes use your email address to perform an identity provider lookup. When the lookup succeeds, future logins route through your identity provider’s existing login methods. If the lookup does not succeed, future logins prompt for a password.
Enable Just-in-Time (JIT) Provisioning to allow IT administrators to determine if Malwarebytes automatically creates a user account when a new user attempts to log in. If the new user's role is specified in the SAML Assertion, that role is assigned to the user within Malwarebytes.
Malwarebytes Console expects the following SAML Attributes:
- email: Required.
- display_name: Optional. If left blank, the user's email address is used.
- role: Optional. Values can be ReadOnly, Admin, and SuperAdmin. If a role isn't selected, ReadOnly is used.
ReadOnly or Admin roles are only allowed access to the Default Group. Super Admin roles are given access to all groups.
Return to the Malwarebytes Nebula Administrator Guide.