Skip to main content

Microsoft AD FS and Nebula single sign-on configuration

Updated: 

The following instructions assist the Identity Provider administrator with the setup of single sign-on (SSO) for Nebula with Microsoft AD FS. Nebula only supports SAML 2.0 authentication protocol. 

Get started

  • The email address used for the Nebula account must match the email address used for AD FS.
  • Administrator access to the Nebula.
  • Server Manager Administrators access, or equivalent, on the local computer.
  • Ensure that the time set on the AD FS server is not set to a future time. 

Add new relying party trust to AD FS configuration database

  1. In Server Manager, select Tools > AD FS Management > Actions > click the Start button.
    DOC-2959-1.png
  2. In the Nebula Single Sign-On page, left-click the Service Provider Metadata link to save the metadata.xml file.
  3. Back in AD FS, select Import data about the relying party from a file Browse... to locate and add the Nebula metadata.xml file > click Next.
    DOC-2959-3.png
  4. Create a display name for the application that your users can easily identify. For example, Nebula. Click Next when satisfied.
    DOC-2959-4.png
  5. Select I do not want to configure multi-factor authentication settings for this relying party trust at this time > click Next.
    DOC-2959-5.png
  6. Select Permit all users to access this relying party > click Next.
    DOC-2959-6.png
  7. Select Open the Edit Claim Rules dialog for this relying party trust when the wizard closes > click Close.
    DOC-2959-7.png

Setup Microsoft AD FS SAML Settings

  1. Select Add Rule... in the new dialog screen.
    DOC-2959-8.png
  2. Select Send LDAP Attributes as Claims from the drop down menu > click Next.
    DOC-2959-9.png
  3. Create a Claim rule name > configure the following LDAP attributes:
    E-Mail Addresses to Outgoing Claim Type: email
    E-Mail Addresses to Outgoing Claim Type: nameid
    DOC-2959-10.png

Upload Microsoft AD FS SSO XML file into Nebula

  1. Download the FederationMeta.xml from: https://YourADFSServer/federationmetadata/2007-06/federationmetadata.xml
    NOTE: Replace YourADFSServer with your ADFS server information.
  2. In the Nebula platform, have a Nebula Super admin upload the FederationMetadata.xml into cloud.malwarebytes.com by dragging the file into the area, or selecting the file path.

Enable SSO

  1. Once the metadata is uploaded, toggle on Enable SSO.
    • Toggle on Just-In-Time (JIT) Provisioning to automatically create Nebula users if they don't already exist when authenticating through Microsoft AD FS.
    • Toggle on Service Provider Initiated SSO if you will be accessing Nebula through a tile or button in Microsoft AD FS.
  2. Now the application can be assigned to your Nebula administrators in Microsoft AD FS.

Still have questions?

Support is available via chat, phone or by creating a ticket. You can also use our virtual assistant for guided assistance.

Learn more