Setup Malwarebytes cloud platform single sign-on with Azure AD

Document created by jgolomb Employee on Aug 30, 2018Last modified by jgolomb Employee on Nov 8, 2019
Version 20Show Document
  • View in full screen mode

The following instructions will assist the iDP Administrator with the setup of single sign-on (SSO) for Malwarebytes Administrators into the Malwarebytes Cloud portal using Azure AD. Malwarebytes Cloud only supports SAML 2.0 authentication protocol. 


Get started

  • The email address used for the cloud account must match the email address used for Azure AD.

  • Log into and go to the Settings > Single Sign-on page.

  • Log into your Azure AD Administrator account and go to Azure Active DirectoryEnterprise applications.

  • Ensure your environment meets the minimum operating system and external access requirements. Refer to Malwarebytes Cloud Platform Administrator Guide for details.


Add the application in Azure AD

  1. From the Enterprise applications page in Azure AD, click New applicationNon-gallery application.

  2. Name the application > click Add.
    Image of Add an application menu options for Azure AD.

Configure the application SSO settings

  1. Click Single sign-on > select SAML-based Sign-on from the Single Sign-on Mode drop down menu.

  2. On the Malwarebytes Cloud Single Sign-On page, left-click the Service Provider Metadata link to save the metadata.xml file.

Upload Cloud Portal XML file to Azure AD

  1. In Azure AD, click Upload metadata file.
    Image of Malwarebytes Cloud Portal Domain and URLs menu in Azure AD.

  2. Upload the metadata.xml file you downloaded from the Cloud Portal.
    Image of Upload a configuration file dialog in Azure AD.


Update the SAML configuration

  1. On the Malwarebytes Cloud Single Sign-On page, copy the Solicited Whitelist URL.

  2. In Azure AD's Set up Single Sign-On with SAML screen, go to Basic SAML Configuration > click the pencil icon. 

  3. Under the Reply URL (Assertion Consumer Service URL) section, paste the previously-copied Solicited Whitelist URL into the empty entry.

  4. Click the Save button.


Configure application attributes

  1. In Azure AD's Set up Single Sign-On with SAML screen, go to User Attributes & Claims > click the pencil icon.

  2. Click Add new claim.

  3. Add new attributes in lowercase, exactly as shown below.

    Note: Be sure to leave the Azure namespace URL field blank.

  4. Click Save.


Upload Azure AD metadata into Cloud Portal

  1. Download the Azure AD Federation Metadata XML file.

  2. On the Malwarebytes Cloud Single Sign-On page, drag the .xml file or Choose a Different File to upload the Identity Provider (iDP) Metadata.

  3. Once the .xml file is uploaded, you can set Enable Single Sign-On (SSO) to ON.

  4. Now the application can be assigned to your Malwarebytes Cloud administrators in Azure AD.


Additional information