
McAfee MVISION ePO SAML integration

Arculix by SecureAuth SSO for McAfee MVISION ePO enables strong authentication and secure access via SAML Single Sign-on. Arculix's intelligent Multi-Factor Authentication (MFA) technology helps protect your user accounts and data from being compromised. This document will guide you through the configuration of McAfee MVISION ePO to work with the Arculix SSO Identity Provider service.

McAfee MVISION® is an endpoint and cloud security system used to protect your data and stop threats across your cloud infrastructure.

Prerequisites

  • Arculix account with a configured Identity Provider and LDAP Agent.

    For more information, see the Arculix LDAP Agent deployment guide.

  • User account with administrative privileges for Arculix.

  • An organization identifier provided by Arculix (organization slug).

  • User account with administrative privileges for McAfee MVISION.

McAfee MVISION ePO configuration

In this section, you'll configure McAfee MVISION as a service provider (SP).

  1. Download the SAML metadata and certificate for your organization from Arculix.

    Metadata download: https://sso.arculix.com/<myorganization>/saml/download/metadata

    View metadata: https://sso.arculix.com/<myorganization>/saml/metadata

    Certificate download: https://sso.arculix.com/<myorganization>/saml/download/cert

  2. From the McAfee MVISION dashboard, go to the Identity Provider settings page.

  3. Enter your Arculix IdP information from the SAML metadata file.

    Issuer

    Enter the Issuer/EntityID of your Arculix tenant provided in the Arculix metadata.

    For example, https://sso.arculix.com/EXAMPLE/saml.

    Certificate

    Click Choose File and upload to MVISION the Arculix certificate that you downloaded in Step 1.

    Login URL

    Enter the Arculix Single Sign On URL provided in the Arculix metadata.

    For example, https://sso.arculix.com/EXAMPLE/saml/auth.

    Request Binding

    Select HTTP-REDIRECT.

  4. From the User List, select the users that you want to exempt from SSO.

  5. Click Save Changes.

  6. After successfully saving the configuration, you can view the information in the Service Provider (MVISION) section.

    You will use this information to create the McAfee application in the Arculix cloud.


Arculix SAML configuration as an Identity Provider (IdP)

In this section, you'll add an application for McAfee MVISION and set the SAML configuration settings. This will be the Identity Provider (IdP) side of the configuration.

  1. Log in to Arculix with an administrative account and go to Applications.

  2. Click Create New Application.

  3. In the New Application form, on the General tab, set the following configurations:

    Name

    Set the name of the application. This is the name to display for push notifications, in the Admin panel, Application portal, and audit logs.

    For example, McAfee MVISION.

    Type

    Set to SAML Service Provider.

    Out of Band Methods

    Select the allowed methods end users can choose to approve MFA requests.

    For example, Arculix Mobile app (push notifications), SMS, or Security Key.

    Message for MFA Requests

    (Optional) Type a message displayed to end users when sending an MFA request via push notification, SMS, or email.

  4. Select the SAML Service Provider Configuration tab, and set the following configurations:

    Issuer or Entity ID

    Enter the Audience value provided by McAfee in the previous section.

    Log in URL

    Enter the Assertion Consumer Service URL value provided by McAfee in the previous section.

    NameID Format

    Set to Email Address.

    Name Identifier

    Set to Email.

    ACS URL

    Enter the Assertion Consumer Service URL value provided by McAfee in the previous section.

  5. Click the Add New Attribute Assertion button and create the three attributes listed in the table below. These are mandatory if you want to enable the Just-in-time provisioning feature on OneLogin.

    Friendly Name    Name          Value         Name Format
    Email            Email         email         Unspecified
    Last Name        Last Name     sn            Unspecified
    First Name       First Name    given_name    Unspecified

  6. Save your changes.

    Note

    You must add users to your account and assign roles to allow them to access MVISION ePO using SSO.

Test your application integration

  1. Go to your McAfee MVISION instance.

  2. You will be redirected to the Arculix SSO page.

  3. After successful authentication, select your preferred MFA method to approve access to the MVISION application.

  4. Pass the verification stage on your Arculix Mobile app.

  5. Finally, you will be redirected to your MVISION portal.


Support

If you have questions or need assistance, contact SecureAuth Support.

Sales

Want to learn more about our MFA solutions? Contact our Professional Services for a demo today.

Disclaimer

All product names, trademarks, and registered trademarks are the property of their respective owners.

All company, product, and service names used in this document are for identification purposes only. The use of these names, trademarks, and brands does not constitute an endorsement by the SecureAuth Corporation.