McAfee MVISION Cloud

Configure MVISION Cloud Login for SAML and SSO

For customers using Single Sign-on to log in to MVISION Cloud, there are additional steps to configure your new login workflow.

  1. Configure a new IdP app.
  2. Input your SAML Configuration information in MVISION Cloud.
  3. Update your IdP application with the new information from MVISION Cloud. 
  4. Once you have configured SAML in MVISION Cloud, contact MVISION Cloud Support, so they can enable login authentication for your tenant. 

NOTE: This new app will not affect your existing MVISION Cloud SAML configuration in any way. Your existing SAML login continues to work as expected. The configuration you create by using the following steps is saved separately within McAfee IAM systems.

Configure a New IdP App 

Configure a new IdP app in your Single Sign-on solution. This gives you the Identity Provider URL, Issuer URL, and the X.509 certificate. 

For now, use placeholder information for the ACS URL and the Audience URI. Those are filled in when you get to "Edit Your IdP App SAML Settings".

Input your SAML Configuration into MVISION Cloud

Find the Required IdP Information

You need the following information from your IdP application. We have included basic steps for Okta. 

  1. Log in to Okta. 
  2. Click Admin
  3. Select your Application. 
  4. Go to the Sign On tab. 
  5. Under SAML 2.0, click View Setup Instructions. From here you can get:
    • Identity Provider Single Sign On URL. This is the Login URL required for MVISION Cloud. 
    • Identity Provider Issuer. This is the Issuer required for MVISION Cloud.
    • X.509 Certificate. Download this certificate to upload it to MVISION Cloud. 
  6. Go to the General tab. From here you can get:
    • Signature Algorithm. 
    • SP-Initiated Request Binding.

Configure SAML for MVISION Cloud Users

Use this tab to enable SSO and configure SAML to allow users to access the MVISION Cloud user interface without separate login credentials. 

  1. Go to Settings > User Management > SAML Configuration
  2. Select the tab MVISION Cloud Users
  3. For Identity Provider, enter the following information from your IdP:
    • Issuer. This is the Identity Provider Issuer from your IdP. 
    • Certificate. Download the certificate from your IdP and click Choose File to upload it to MVISION Cloud. 
    • Login URL. This is the Identity Provider Single Sign On URL from your IdP.
    • Signature Algorithm. Make sure this matches your IdP app. 
    • SP-Initiated Request Binding. Make sure this matches your IdP app. 
    • User Exclusions. (Optional). Click Edit Exclusions to exclude users from this site. 
  4. Click Save
  5. MVISION Cloud connects with IAM and displays the following information on the screen:
    • Audience. Edit your IdP application's SAML settings to update the Audience URI.
    • Assertion Consumer Service URL. Edit your IdP application's SAML settings to include the Single Sign On URL.
    • Certificate. 
    • SAML Metadata. 

Configure SAML for End Users

Use this tab to enable SSO and configure SAML for end users if you have enabled End User Input for Policy Incidents. 

  1. Go to Settings > User Management > SAML Configuration
  2. Select the tab End-Users
  3. Single Sign-On. Toggle on to enable SSO. 
  4. For Identity Provider, enter the following information from your IdP:
    • Issuer. This is the Identity Provider Issuer from your IdP. 
    • Certificate. Download the certificate from your IdP and click Choose File to upload it to MVISION Cloud. 
    • Login URL. This is the Identity Provider Single Sign On URL from your IdP.
    • Signature Algorithm. Make sure this matches your IdP app. 
    • SP-Initiated Request Binding. Make sure this matches your IdP app. 
    • User Exclusions. (Optional). Click Edit Exclusions to exclude users from this site. 
  5. Click Save
  6. MVISION Cloud connects with IAM and displays the following information on the screen:
    • Audience. Edit your IdP application's SAML settings to update the Audience URI.
    • Assertion Consumer Service URL. Edit your IdP application's SAML settings to include the Single Sign On URL.
    • Certificate. 
    • SAML Metadata. 

Edit Your IdP App SAML Settings

Once you have connected MVISION Cloud to IAM, go back to Okta and edit your IdP App's SAML settings with the following new information from MVISION Cloud:

  1. Audience URI. Edit your IdP application's SAML settings to update this with the Audience link from MVISION Cloud. 
  2. Single Sign On URL. Edit your IdP application's SAML settings to include the Assertion Consumer Service URL from MVISION Cloud.
  3. Default RelayState. Set this value to https://auth.ui.mcafee.com
  4. Configure the app to send the following user attributes to the IdP provider. (These are recorded in the McAfee IAM section. Individual users have the option to edit First Name and Last Name at any time after logging into MVISION Cloud.)
    • First Name
    • Last Name
    • Email.
  5. OPTIONAL: To test your login, click the newly configured app. You won't have access to the MVISION Cloud product until MVISION Cloud Support enables it, but you will be logged in to McAfee IAM and can see the IAM dashboard.
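
One way to confirm that the IdP app no longer sends the placeholder Audience or ACS URL and that all three user attributes are populated is to inspect a captured SAMLResponse from the test login. The following Python is an added example, not McAfee's code: the attribute names (firstName, lastName, email), the example.* URLs and the sample response are assumptions and constructed placeholders. It compares configuration fields only and does not verify the XML signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_response(b64_response, expected):
    """List mismatches between a base64 SAMLResponse and the expected settings."""
    root = ET.fromstring(base64.b64decode(b64_response))
    def text(path):
        node = root.find(path, NS)
        return node.text.strip() if node is not None and node.text else None
    scd = root.find("a:Assertion/a:Subject/a:SubjectConfirmation/"
                    "a:SubjectConfirmationData", NS)
    found = {"issuer": text("a:Assertion/a:Issuer"),
             "audience": text("a:Assertion/a:Conditions/a:AudienceRestriction/a:Audience"),
             "destination": root.get("Destination"),
             "recipient": scd.get("Recipient") if scd is not None else None}
    want = {"issuer": expected["issuer"], "audience": expected["audience"],
            "destination": expected["acs_url"], "recipient": expected["acs_url"]}
    problems = [f"{k}: got {found[k]!r}, expected {want[k]!r}"
                for k in want if found[k] != want[k]]
    # An attribute counts as sent only if it carries a non-empty value.
    sent = {a.get("Name") for a in root.iterfind(".//a:Attribute", NS)
            if (a.findtext("a:AttributeValue", "", NS) or "").strip()}
    problems += [f"attribute missing or empty: {n}"
                 for n in expected["attributes"] if n not in sent]
    return problems

def sample_response(audience, acs_url, attrs):
    """Constructed, unsigned SAMLResponse for demonstration only."""
    attr_xml = "".join(
        f'<a:Attribute Name="{n}"><a:AttributeValue>{v}</a:AttributeValue></a:Attribute>'
        for n, v in attrs.items())
    xml = (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" Destination="{acs_url}">'
           '<a:Assertion><a:Issuer>https://idp.example/issuer</a:Issuer>'
           f'<a:Subject><a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{acs_url}"/>'
           '</a:SubjectConfirmation></a:Subject>'
           f'<a:Conditions><a:AudienceRestriction><a:Audience>{audience}</a:Audience>'
           '</a:AudienceRestriction></a:Conditions>'
           f'<a:AttributeStatement>{attr_xml}</a:AttributeStatement></a:Assertion></p:Response>')
    return base64.b64encode(xml.encode()).decode()

# Placeholder values; substitute the Audience and ACS URL shown by MVISION Cloud.
EXPECTED = {"issuer": "https://idp.example/issuer",
            "audience": "https://sp.example/audience", "acs_url": "https://sp.example/acs",
            "attributes": ["firstName", "lastName", "email"]}  # assumed attribute names
```

An empty list from `check_response` means the Issuer, Audience, Destination, Recipient and attributes all match what was configured; each entry otherwise names the field to correct in the IdP app.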

Contact Support to Enable MVISION Cloud Login

Once you have configured SAML in MVISION Cloud, contact MVISION Cloud Support so they can enable IAM authentication for your tenant. 

Troubleshooting SSO

If the SSO user is not in the MVISION Cloud login database, you can receive a nondescript 400 error code from the IdP. 

To troubleshoot:

  1. Make sure the user has been assigned to the application in the IdP.
  2. Make sure the user exists in the MVISION Cloud page Settings > User Management > Users.
  3. Make sure the user's first name, last name, and login ID configured in the IdP match what is in MVISION Cloud. 