How to enroll NetBackup master server as a service provider in Azure active directory Identity provider

Article: 100047748
Last Published: 2022-10-17
Ratings: 4 0
Product(s): NetBackup & Alta Data Protection

(Azure Ad is SAML2.0 based 3rd identity provider)

1.    Login to Microsoft Azure portal.

2.    From the navigation pane, go to Azure Active Directory > Enterprise applications, and then click New application (  )


3.    From Add an application window choose, Non-gallery application.

4.    Enter name for an application and click add.


5.    Select assign users and groups and add users and groups who want to access the NetBackup using single sign-on.

6.    From the navigation pane, click Single sign-on, and then click the SAML tile.

The SAML-based Sign-on page appears.


Text is required for 2 fields - but these will get updated when sp-metadata.xml file is later uploaded so can use:

identifier (Entity ID): pimaryservername

Reply URL: https://primaryservername

7.    In the SAML Signing Certificate section, next to Federation Metadata XML, click the Download link to download the Azure AD federation metadata.xml. The downloaded federated metadata XML file will be used while adding Azure Ad IDP configuration in NetBackup.


8.    Add the Azure Ad idp configuration in NetBackup as per per pages 130 through 134 of:

NetBackup Web UI Administrator's Guide

9.    Generate the service provider(SP) metadata XML in NetBackup using https://<netbackupmaster>/netbackup/sso/saml2/metadata API.

10.                   In the Microsoft Azure portal, on the SAML-based Sign-on page, click Upload metadata file


11.                   Once sp metadata file is uploaded Click on save to save the Basic SAML configuration.


12.                   Under User Attributes & Claims, Click edit and add new claim. 


13.                   Under Manage claim, enter name as userPrincipalName and select source attribute as user.userprincipalname  and Save the claim.



14.                   To add support for userGroups based authorization in NetBackup, click on Add a group claim.

15.                   From Group claims, select groups associated with user and select source attribute as DNSDomain\sAMAccountName.

16.                   From the Advanced options, select customize the name of the group claim and enter name claim as memberOf and save the group claim.


17.                   Once the NetBackup is successfully enrolled in Azure AD identity provider, try the Login using Single sign-on option from NetBackup WebUI Login page.

18.                   Refer : for more information.

Was this content helpful?