Configure single sign-on with Malwarebytes Cloud Platform

Document created by bgoddard Employee on Oct 30, 2019Last modified by bgoddard Employee on Nov 13, 2019
Version 11Show Document
  • View in full screen mode

If your organization uses a single sign-on provider, you may connect it to Malwarebytes Cloud Platform. This article provides an overview of Malwarebytes single sign-on configuration and basic setup steps. For specific single sign-on platform configurations, see Additional information at the end of this article.


Go to Settings > Single Sign-On. Single-Sign On is turned off by default.


Enable Single Sign-On to allow the Malwarebytes console to control logins through your identity provider.


Link your single-sign on tool to Malwarebytes

For single sign-on to work, connect Malwarebytes Cloud Platform to your provider.


  1. Use your single sign-on tool to generate an XML file. This file is used to integrate your tool with Malwarebytes Cloud Platform. If you need assistance generating this file, contact your single sign-on provider.

  2. Drag the generated XML file onto the Upload New Metadata XML box. You may upload a new XML at any time to change single-sign on settings.

  3. Click SAVE.


Link Malwarebytes to your single-sign on tool

Now that Malwarebytes has your single-sign on tool XML data, you need to provide similar data from Malwarebytes to your single-sign on tool.

  1. Scroll down to Malwarebytes Service Provider Details.

  2. Click the link next to Service Provider Metadata.

  3. Your web browser downloads a metadata.xml file.

  4. Upload this file to your single sign-on tool.


If your single sign-on tool needs additional details, refer to the other on-screen items in this section.

Enable the Service Provider Initiated SSO setting to have Malwarebytes use your email address to perform an identity provider lookup. When the lookup succeeds, future logins route through your identity provider’s existing login methods. If the lookup does not succeed, future logins prompt for a password.

Enable Just-in-Time (JIT) Provisioning to allow IT administrators to determine if Malwarebytes automatically creates a user account when a new user attempts to log in. If the new user's role is specified in the SAML Assertion, that role is assigned to the user within Malwarebytes.


Malwarebytes Console expects the following SAML Attributes:

  • email: Required.
  • display_name: Optional. If left blank, the user's email address is used.
  • role: Optional. Values can be ReadOnly, Admin, and SuperAdmin. If a role isn't selected, ReadOnly is used.

ReadOnly or Admin roles are only allowed access to the Default Group. Super Admin roles are given access to all groups.


Additional information



Return to the Malwarebytes Cloud Platform Administrator Guide