Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Commands Reference Guide
  5. Appendix A. NetBackup Commands
  7. nbidpcmd
NetBackup™ Commands Reference Guide

Name

nbidpcmd — configure an identity provider (IDP), SAML certificate, and keystore on the NetBackup master server to use with the Single Sign-On (SSO) method.

SYNOPSIS

For IDP configuration and NetBackup CA SAML keystore configuration, use the following command:

nbidpcmd -ac -n IDP configuration name -mxp IDP XML metadata file [-t SAML2] [-e true | false] [-u IDP user field] [-g IDP user group field] [-M master_server] [-cCert] [-f]

For IDP configuration and ECA SAML keystore configuration, either of the commands shown can be used:

Use NetBackup ECA configured keystore for SAML keystore configuration:

nbidpcmd -ac -n IDP configuration name -mxp IDP XML metadata file [-t SAML2] [-e true | false] [-u IDP user field] [-g IDP user group field] [-M master_server] -cECACert -uECA [-f]

Use ECA certificate chain and private key provided by user for SAML keystore configuration:

nbidpcmd -ac -n IDP configuration name -mxp IDP XML metadata file [-t SAML2] [-e true | false] [-u IDP user field] [-g IDP user group field] [-M master_server] -cECACert -certPEM Certificate Chain File -privKeyPath Private Key File [-ksPassPath Keystore Passkey File] [-f]

nbidpcmd -cCert [-f]

nbidpcmd -cECACert -uECA use existing ECA configuration [-f force_option] [-M master_server]

nbidpcmd -cECACert -certPEM Certificate Chain File -privKeyPath Private Key File -ksPassPath Keystore Passkey File [-f force_option] [-M master_server]

nbidpcmd -dc -n IDP configuration name [-M master_server]

nbidpcmd -dCert

nbidpcmd -dECACert

nbidpcmd -rCert

nbidpcmd -sc -n IDP configuration name [-M master_server]

nbidpcmd -scl [-M master_server]

nbidpcmd -uc -n IDP configuration name {-mxp IDP XML metadata file| -e true | false} [-M master_server]

nbidpcmd -v [-M master_server]

On UNIX systems, the directory path to this command is /usr/openv/netbackup/bin/

On Windows systems, the directory path to this command is install_path\NetBackup\bin\

DESCRIPTION

The nbidpcmd command can add, modify, list, and delete the configuration for identity providers on the NetBackup master server. Additionally, use the command to add, update, renew, and delete NetBackup CA and ECA SAML certificate and keystore.

OPTIONS

-ac

Adds a configuration for an identity provider. Use the -e option to enable an IDP configuration.

-cCert

Configures SAML certificates and keystore.

-cECACert

Configures SAML external CA keystore.

-certPEM Certificate Chain File

Specifies certificate chain file path. The file must be in PEM format and must be accessible to the master server that performs the configuration.

-dc

Deletes the configuration of the identity provider with the specified ID.

-dCert

Remove the SAML certificate and keystore.

-dECACert

Remove the SAML external CA configured keystore.

-e true | false

Enables or disables the identity provider configuration. An IDP must be available and enabled otherwise users cannot sign in with the Single Sign-On (SSO) option.

  • true = Enable

  • false = Disable

-f

Specifies whether to overwrite the existing SAML keystore.

-ksPassPath Keystore Passkey File

Specifies the password file path for the keystore. The file must be accessible to the master server that performs the configuration.

-M master_server

The master server to which you want to add or modify the identity provider configuration. The default is the NetBackup server master where you run the command.

-mxp IDP XML metadata file

The metadata file that contains configuration details for the identity provider, in Base64-encoded format.

-n IDP configuration name

The unique name of the identity provider.

-privKeyPath Private Key File

Specifies the private key file path for the certificate. The file must be in PEM format and must be accessible to the master server that performs the configuration.

-rCert

Renews the SAML certificate and key-pair and updates the SAML keystore with the renewed key-pair certificate.

-sc

Display the details for the configured identity provider with the specified ID. If the ID is not provided the details of all the configured identity providers are listed. Or, use -scl to display a specific identity provider.

-scl

Display the details for all the configured identity providers. Use -sc -n to display a specific identity provider.

-t SAML2

Indicates the type of protocol that the identity provider supports. The following types are supported: SAML2.

-u IDP user field, -g IDP user group field

Retrieves the fields from the SAML assertion that are the primary keys for the user and the user group. You can specify these fields together or individually.

-uc

Updates the details for the configured identity provider with the specified ID. In addition to the -n option, you must use the -mxp or the -e option, or both options.

-uECA

Specifies whether to configure external CA-signed SAML keystore from the existing external CA certificate that is configured in NetBackup.

-v

Shows the version of the nbidpcmd utility.

Feedback

Was this page helpful?
Previous

nbhypervtool

Next

nbimageshare

Feedback

Was this page helpful?