Broadcom

1Kosmos integrates with Broadcom's security product portfolio as a SAML 2.0 identity provider, enabling biometric passwordless access for administrators and users of Symantec and Broadcom platforms.

Integration type: SSO

Overview

Broadcom's enterprise security portfolio includes products such as Symantec SiteMinder (web access management), Symantec Endpoint Security, Symantec Web Security Service (WSS), and the Broadcom Login federation service used across multiple Broadcom cloud products. All of these products support SAML 2.0 for identity provider integration, and 1Kosmos can be configured as the external IdP for any of them.

For SiteMinder-based deployments, 1Kosmos is registered as a trusted SAML identity provider within the SiteMinder Policy Server federation configuration. For Broadcom cloud products using the Broadcom Login service (such as Symantec Endpoint Security and Symantec WSS), 1Kosmos is configured as the external IdP through the Broadcom account self-service portal. In both cases, 1Kosmos handles authentication and returns a signed SAML assertion to the Broadcom service.

The specific configuration path depends on which Broadcom product you are securing. Contact your 1Kosmos representative to confirm the correct integration path for your Broadcom deployment before beginning configuration.


Prerequisites

  • Active 1Kosmos tenant: Administrator access to the AdminX portal. Contact 1kosmos.com/contact if not yet provisioned.

  • Broadcom product administrator access: Admin rights to the relevant Broadcom product console, including federation or SSO configuration settings.

  • Identify your Broadcom product: Determine which Broadcom product you are configuring (SiteMinder Policy Server, Symantec Endpoint Security, Symantec WSS, or another Broadcom service) as the configuration path differs by product.

  • 1Kosmos SAML metadata: Collect the 1Kosmos SAML metadata XML file or key values from AdminX before beginning Broadcom-side configuration.

  • 1Kosmos mobile app installed: Users must have the app on iOS or Android with biometrics enrolled before testing.


Configuration values

Values to collect from 1Kosmos AdminX (IdP) for Broadcom products:

| Field | Where to find it |
|---|---|
| SAML Metadata URL or XML | AdminX → Settings → IdP Configuration → Metadata URL |
| SSO URL | AdminX → Settings → IdP Configuration → Single SignOn Service URL |
| IdP Entity ID | AdminX → Settings → IdP Configuration → Core Configuration |
| Signing Certificate (Base64 PEM) | AdminX → Settings → IdP Configuration → View Certificate → Public Key |

Values to collect from Broadcom (SP) for AdminX:

| Field | How to obtain it |
|---|---|
| SP ACS URL | Varies by product. For SiteMinder, found in SP federation settings. For Broadcom cloud products, found in the Identity section of the product console under SAML Authentication or SSO settings. |
| SP Entity ID | Found in the same SP metadata or federation settings screen as the ACS URL. |
| SP Metadata (optional) | Downloadable from the SAML or SSO settings screen in the relevant Broadcom product console. |


Integration steps

Step 1: Collect 1Kosmos IdP metadata

  • Log in to the AdminX portal and navigate to Settings → IdP Configuration.

  • Copy the SSO URL, IdP Entity ID, and signing certificate. Download the SAML metadata XML if your Broadcom product supports metadata file import.

Step 2: Register 1Kosmos as an IdP in your Broadcom product

  • For Broadcom Login (cloud products): Log in to the Broadcom account self-service portal and navigate to the Identity Provider section. Upload the 1Kosmos metadata or manually enter the SSO URL, Entity ID, and certificate. Refer to Broadcom's Identity Provider section in Account Self-Service documentation for the specific field names.

  • For Symantec SiteMinder: In the Policy Server Administrative UI, navigate to Federation → Legacy Federation → SAML Service Providers. Add 1Kosmos as a trusted IdP by uploading the 1Kosmos metadata or entering the SSO URL and certificate. Ensure all administrators accessing SiteMinder have accounts in both the IdP and SiteMinder before enabling federation.

  • For Symantec Endpoint Security or WSS: Navigate to Settings → Access and Authentication in the product console and locate the SAML Authentication section. Upload the 1Kosmos metadata XML file or manually enter the IdP details. Download the product's SP metadata for use in AdminX.

  • Save the configuration and note the SP ACS URL and Entity ID from the Broadcom product settings.

Step 3: Add the Broadcom product as a SAML application in AdminX

  • Log in to the AdminX portal and navigate to Applications → Add Application.

  • Scroll to Custom App, select SAML 2.0 Generic, and click Add integration.

  • Enter the Broadcom product name as the Application Name, set Instance to Production, and enter the product login URL as the Application Access URL. Click Next.

  • Set the NameID Format to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress and NameID Value to email.

  • Add the required claims mappings (email, firstname, lastname). Click Next.

  • Enter the Broadcom SP Entity ID and ACS URL. Set Method to POST, enable Assertion signing, and click Save.

Step 4: Synchronize administrator accounts

  • Ensure every administrator and user who will authenticate through 1Kosmos has a matching account in both the 1Kosmos directory and the Broadcom product, using the same email address.

  • For Broadcom Login federation, Broadcom requires that user email addresses are consistent across the IdP and all connected services. If email addresses change in either system, update both immediately to prevent access disruptions.

Step 5: Test the integration

  • Navigate to the Broadcom product login URL and attempt to sign in via SSO.

  • Confirm you are redirected to the 1Kosmos login screen.

  • Open the 1Kosmos mobile app, scan the QR code, and complete biometric authentication.

  • Confirm you are returned to the Broadcom product as an authenticated user with the correct access level.

  • Test with a single account before enabling SSO for all users or administrators.


Attribute mappings

| Source (1Kosmos) | Target (Broadcom) | Description |
|---|---|---|
| user.email | NameID (emailAddress) | Primary identifier; must match the account email in the Broadcom product |
| user.firstName | first_name | User first name |
| user.lastName | last_name | User last name |

Integration notes

Broadcom's product portfolio uses different federation architectures depending on the product. SiteMinder is a server-side federation engine that requires Policy Server configuration, while Broadcom cloud products use a centralized Broadcom Login service. Changing the identity provider for Broadcom cloud products affects all services connected to that Broadcom account.

Plan the migration carefully and confirm that all administrators have valid IdP accounts before switching. Broadcom recommends completing the IdP configuration and user account alignment before activating federation to avoid lockout scenarios.
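One way to confirm account alignment before activating federation is to compare user exports from both sides. This is an added example, not 1Kosmos or Broadcom tooling; it assumes each system can export users as CSV with an `email` column, and the sample data is constructed.

```python
import csv
import io

def alignment_report(idp_csv, sp_csv, column="email"):
    """Compare the email column of two CSV exports and return the Broadcom-side
    accounts that have no exact match in the IdP directory."""
    def load(text):
        return [r[column] for r in csv.DictReader(io.StringIO(text)) if r.get(column)]

    idp_raw, sp_raw = load(idp_csv), load(sp_csv)
    idp_exact = set(idp_raw)
    # Normalised lookup catches addresses that differ only by case or padding.
    idp_norm = {e.strip().lower(): e for e in idp_raw}
    report = {"missing_in_idp": [], "differs_only_by_case_or_space": []}
    for email in sp_raw:
        if email in idp_exact:
            continue
        match = idp_norm.get(email.strip().lower())
        if match is None:
            report["missing_in_idp"].append(email)      # cannot sign in after cutover
        else:
            report["differs_only_by_case_or_space"].append((email, match))
    return report

# Constructed sample exports (hypothetical column layout).
IDP_EXPORT = "email\nalice@example.test\nBob@example.test\ncarol@example.test\n"
SP_EXPORT = ("email,role\nalice@example.test,admin\n"
             "bob@example.test,admin\ndave@example.test,admin\n")

if __name__ == "__main__":
    for kind, entries in alignment_report(IDP_EXPORT, SP_EXPORT).items():
        print(kind, entries)
```

Resolve every entry in both lists before switching the identity provider; whether a case-only difference still matches depends on how the product compares the NameID, so treat those as mismatches until verified.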

Transform how you verify and authenticate

Secure onboarding, eliminate passwords, and stop fraud on one platform. Schedule a demo and see it in action.
