Issue
We would like to create an account that would allow for us to log into our VMware Carbon Black EDR instance without relying on authentication via Red Canary. How can we configure this?
Environment
VMware Carbon Black EDR
Resolution
The configuration for the backend Carbon Black server only allows for one SSO IDP; meaning only one SSO path, either Red Canary's SSO (currently configured) or your SSO. Any MFA would not apply because SSO is configured as the authentication and access validation method. If you were to switch your Carbon Black SSO configuration to use your SSO instead of the SSO through Red Canary, our detection engineers and threat hunters would no longer be able to access your CB server for investigations into malicious activity, which could result in a delay of any investigations.