Configure Malwarebytes OneView single-sign on with Azure AD

The following article assists Identity Provider (IDP) Administrators with configuring single sign-on (SSO) for Malwarebytes OneView with Azure AD. OneView only supports the SAML 2.0 authentication protocol. For more information, see Configure single sign-on with Malwarebytes OneView.

Configure the application SSO settings

1. In Azure AD's Set up Single Sign-On with SAML screen, go to Basic SAML Configuration > click the Pencil icon.
2. In OneView, copy the Service Provider Entity ID and add it as the Identifier (Entity ID) in Azure. 
3. In OneView, copy the Assertion Consumer Service URL, add it as the Reply URL (Assertion Consumer Service URL), and check the box to mark it as default.
4. Add https://ipi-intg-partner-portal-prod.auth.us-east-1.amazoncognito.com/saml2/idpresponse as an additional Reply URL (Asserion Consumer Service URL).
5. Click the Save button.

Configure attributes

1. In Azure AD's Set up Single Sign-On with SAML screen, go to User Attributes & Claims > click the Pencil icon.
   
2. Click Add new claim.
3. Change the value of the Unique User Identifier (Name ID) to user.mail.
   
4. Add additional claims as lowercase, exactly as shown below.
   
5. Click Save.

Link Azure AD metadata with OneView

Use one of the following methods to connect the metadata with OneView

Metadata URL

1. Copy the Azure AD App Federation Metadata Url.
2. In the OneView Single Sign-On page, paste the Metadata URL under Identity Provider (IDP) Metadata.
3. Set Enable Single Sign-On (SSO) to ON.
4. In the top right, click Save.

Metadata XML

1. Download the Azure AD Federation Metadata XML file.
   
2. In the OneView Single Sign-On page, choose Metadata XML.
3. Drag the .xml file or click Or Select A File to upload the IDP Metadata.
4. Set Enable Single Sign-On (SSO) to ON.
5. In the top right, click Save.