Enterprise Vault.cloud™ Archive Administration Help
- Getting started with Archive Administration
- Archive Overview
- My Config
- About Provisioning
- About Managed Tags
- About Account Management
- Archive Collectors
- Role Management
- Policy Management
- Import Data
- Authentication Management
- AD FS Configuration Guide
- Retention Management
- Continuity Management
- Reporting and Notifications
- Personal.cloud Deployment for IBM Notes
- Archive Administration Updates in Previous Releases
- Archive Administration Known Issues
Configuring AD FS to work with Enterprise Vault.cloud
This section describes how to configure your Active Directory Federation Services (AD FS) environment to work with the Enterprise Vault.cloud authentication service. After you configure your AD FS environment and the Enterprise Vault.cloud authentication service, you can provide single sign-on access to Enterprise Vault Personal.cloud users.
For information about the supported AD FS versions, see the Enterprise Vault.cloud Compatibility List.
These instructions apply to the provision of single sign-on access for Personal.cloud users only. For assistance with the provision for Discovery.cloud and Archive Administration, contact Veritas Services & Support.
The following table describes the required steps to configure AD FS to work with the Enterprise Vault.cloud authentication service.
Table: Steps to configure AD FS to work with the Enterprise Vault.cloud authentication service
Use the AD FS Management Console to add a relying party trust for Enterprise Vault.cloud.
Generate and export a token-signing certificate from the AD FS Management Console for upload in Archive Administration.
These instructions do not provide information on how to set up your AD FS environment. Refer to the following Microsoft documentation for information on to set up your AD FS environment:
Enterprise Vault.cloud honors the NotBefore and NotOnOrAfter conditions that are presented during Secure Assertion authentication and authorization exchanges.
We recommend that you review your SSO Authority/Identity Provider settings to understand the values that are presented to Enterprise Vault.cloud during the SAML exchange. You need to ensure that the NotBefore and NotOnOrAfter values and drift values are configured in a way that is secure but that does not inadvertently cause authentication issues. Enterprise Vault.cloud synchronizes with several external UTC time sources and we recommend that you do the same to minimize the drift between our networks. Refer to your Microsoft documentation for information about configuring these values in an AD FS environment.
For information on how to set a NotBeforeSkew condition to allow for time discrepancies, see the following article on our Support website: