Please enter search query.
Search <product_name> all support & community content...
How to enroll Access Appliance primary server as a service provider in Azure active directory Identity provider
Article: 100061968
Last Published: 2024-02-20
Ratings: 0 1
Product(s): Appliances
Description
(Azure Ad is SAML2.0 based 3rd identity provider)
- Open Microsoft Azure portal. Login using your personal credentials.
- Click Enterprise applications under Azure services.
- Click New application (
).
- Click Create your own application.
- Provide an IDP name and select Integrate any other application you don't find in the gallery (Non-gallery) and click Create.
- Once the Application gets created, click Single sign-on, and then click the SAML tile.
- Click on Edit in the Basic SAML Configuration pane.
- Enter the values of both Entity ID and Reply URL.
Entity ID : https://<consoleip>:14161/login
Replay URL : https://<consoleip>:14161/api/appliance/v1.0/authentication/sso/login/callback?redirectURL=/login
- Select Edit option for Attribute & Claim and click Add new claim.
- Enter the Name as userPrincipalName and enter the Source attribute as user.userprincipalname.
- Click Add a group claim, and select All groups under Group Claims and enter the Source attribute as DNSDomain\sAMAccountName.
- Under Advance settings for group name, check the Customize the name for the group claim checkbox and provide memberOf as the name for the claim and click Save.
- For the SAML certificate, click Edit. Select Sign SAML response and assertion as the Signing option and click Save.
- Download the Federation metadata XML from the link provided.
- Click Users and groups for the IDP application created.
- Click Add user/group.
- Select User or groups for the assignment and click Save and then, click Assign.
- Navigate to the Access Appliance UI. Go to Settings > Security > Single-sign on.
- Provide a name for IDP and upload the federation metadata XML and click Save.
- Add the same users/groups to NetBackup > Security > RBAC as SAML users/groups.
- Login with SSO.
Related Knowledge Base Articles
How to enroll Access Appliance primary server as a service provider in ADFS
How to enroll Access Appliance primary server as a service provider to Okta
How to enroll Access Appliance primary server as a service provider to PingFederate
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.