The following article assists Identity Provider (IDP) Administrators with configuring single sign-on (SSO) for Malwarebytes OneView with Azure AD. OneView only supports the SAML 2.0 authentication protocol. For more information, see Configure single sign-on with Malwarebytes OneView.
Configure the application SSO settings
- In Azure AD's Set up Single Sign-On with SAML screen, go to Basic SAML Configuration > click the Pencil icon.
- In OneView, copy the Service Provider Entity ID and add it as the Identifier (Entity ID) in Azure.
- In OneView, copy the Assertion Consumer Service URL, add it as the Reply URL (Assertion Consumer Service URL), and check the box to mark it as default.
- Add https://ipi-intg-partner-portal-prod.auth.us-east-1.amazoncognito.com/saml2/idpresponse as an additional Reply URL (Assertion Consumer Service URL).
- Click the Save button.
Configure attributes
- In Azure AD's Set up Single Sign-On with SAML screen, go to User Attributes & Claims > click the Pencil icon.
- Click Add new claim.
- Change the value of the Unique User Identifier (Name ID) to user.mail.
- Add additional claims as lowercase, exactly as shown below.
- Click Save.
Link Azure AD metadata with OneView
Use one of the following methods to connect the metadata with OneView:
Metadata URL
- Copy the Azure AD App Federation Metadata Url.
- In the OneView Single Sign-On page, paste the Metadata URL under Identity Provider (IDP) Metadata.
- Set Enable Single Sign-On (SSO) to ON.
- In the top right, click Save.
Metadata XML
- Download the Azure AD Federation Metadata XML file.
- In the OneView Single Sign-On page, choose Metadata XML.
- Drag the .xml file or click Or Select A File to upload the IDP Metadata.
- Set Enable Single Sign-On (SSO) to ON.
- In the top right, click Save.