How to enroll Access Appliance primary server as a service provider in Azure Active Directory identity provider
Article: 100061968
Last Published: 2024-02-20
Product(s): Appliances
Description
(Azure AD is a SAML 2.0-based third-party identity provider.)
- Open the Microsoft Azure portal. Log in using your personal credentials.
- Click Enterprise applications under Azure services.
- Click New application.
- Click Create your own application.
- Provide an IDP name and select Integrate any other application you don't find in the gallery (Non-gallery) and click Create.
- Once the application is created, click Single sign-on, and then click the SAML tile.
- Click on Edit in the Basic SAML Configuration pane.
- Enter the values of both Entity ID and Reply URL.
Entity ID : https://<consoleip>:14161/login
Reply URL : https://<consoleip>:14161/api/appliance/v1.0/authentication/sso/login/callback?redirectURL=/login
- Select the Edit option for Attribute & Claim and click Add new claim.
- Enter the Name as userPrincipalName and enter the Source attribute as user.userprincipalname.
- Click Add a group claim, and select All groups under Group Claims and enter the Source attribute as DNSDomain\sAMAccountName.
- Under Advanced settings for group name, check the Customize the name for the group claim checkbox, provide memberOf as the name for the claim, and click Save.
- For the SAML certificate, click Edit. Select Sign SAML response and assertion as the Signing option and click Save.
- Download the Federation metadata XML from the link provided.
- Click Users and groups for the IDP application created.
- Click Add user/group.
- Select the users or groups for the assignment, click Save, and then click Assign.
- Navigate to the Access Appliance UI. Go to Settings > Security > Single-sign on.
- Provide a name for IDP and upload the federation metadata XML and click Save.
- Add the same users/groups to NetBackup > Security > RBAC as SAML users/groups.
- Log in with SSO.
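
If the SSO login fails, a decoded SAML response captured from your own test login can be checked against the settings chosen above. The following is an added example, not part of the original article or the product: the function names, the host appliance.example and the sample response are constructed for illustration, and the check is structural only (it does not verify signatures cryptographically).

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REQUIRED_CLAIMS = ("userPrincipalName", "memberOf")  # claim names set in the steps above

def check_saml_response(xml_text, reply_url):
    """Return a list of configuration problems in a decoded SAML response (hypothetical helper)."""
    problems = []
    resp = ET.fromstring(xml_text)  # only parse responses from your own test login
    if resp.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not samlp:Response"]
    if resp.get("Destination") != reply_url:
        problems.append("Destination does not match the Reply URL")
    # "Sign SAML response and assertion" should place a ds:Signature under both elements.
    if resp.find("ds:Signature", NS) is None:
        problems.append("response is not signed")
    assertion = resp.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no saml:Assertion (encrypted or missing)"]
    if assertion.find("ds:Signature", NS) is None:
        problems.append("assertion is not signed")
    claims = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS) if v.text]
        claims[attr.get("Name")] = values
    for name in REQUIRED_CLAIMS:
        if not claims.get(name):
            problems.append("missing claim: " + name)
    return problems

def build_sample(reply_url, sign_response=True, sign_assertion=True, claims=REQUIRED_CLAIMS):
    """Constructed sample shaped like a SAML 2.0 response; not real Azure AD output."""
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"]
    attrs = "".join(
        '<saml:Attribute Name="%s"><saml:AttributeValue>sample</saml:AttributeValue></saml:Attribute>' % c
        for c in claims)
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" Destination="%s">%s'
            '<saml:Assertion>%s<saml:AttributeStatement>%s</saml:AttributeStatement>'
            '</saml:Assertion></samlp:Response>') % (
        NS["samlp"], NS["saml"], reply_url, sig if sign_response else "",
        sig if sign_assertion else "", attrs)

REPLY_URL = "https://appliance.example:14161/api/appliance/v1.0/authentication/sso/login/callback?redirectURL=/login"
if __name__ == "__main__":
    print(check_saml_response(build_sample(REPLY_URL, sign_response=False), REPLY_URL))
```

An empty list means the response carries both signatures, both claims and the expected Destination; any entry names the step above to revisit.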