Single sign-on (SSO) is a method for authenticating user access to multiple applications using a single set of login credentials. This article provides an overview of OneView SSO and how to configure this option. For details on using SSO across your users, see Single sign-on scenarios with Malwarebytes OneView.
Enable Single Sign-On
- Log in to Malwarebytes OneView.
- On the left navigation menu, click Configure > Users.
- Click the Single Sign-On tab.
- Toggle on Enable Single Sign-On (SSO).
- Toggle on Just-In-Time (JIT) Provisioning to automatically create a OneView user profile when a user logs in for the first time.
- Select a default role to assign to users created through JIT provisioning.
- Toggle on Require SSO for certain roles to enforce SSO for selected user roles.
- Note: This setting is ignored for users with MFA enabled.
- Toggle on Just-In-Time (JIT) Provisioning to automatically create a OneView user profile when a user logs in for the first time.
- Click Save.
Link your single-sign on tool to Malwarebytes
For single sign-on to work, connect Malwarebytes OneView to your Identity Provider (IDP). Email addresses in the IDP need to have the same case as their existing OneView emails.
- From your IDP, generate the Metadata URL or XML file. Refer to the following under the OneView Service Provider Details:
- Service Provider Entity ID: The unique entity ID of Malwarebytes OneView as a Service Provider.
- Assertion Consumer Service URL: The IDP redirects the authentication response to this URL.
-
Additional Reply URL: Some IDPs require an additional whitelisted reply URL to receive the SAML response.
https://ipi-intg-partner-portal-prod.auth.us-east-1.amazoncognito.com/saml2/idpresponse -
SAML assertion attributes:
SAML attribute name Value http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress User Email http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname User First Name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/familyname User Last Name
- Under Identity Provider (IDP) Metadata, enter the Metadata URL or select Metadata XML to upload the XML file.
- Click Save.
If you are locked out of your OneView console due to improper SSO configuration, contact support.
Return to the Malwarebytes OneView User Guide