Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Self Service Configuration Guide
  3. User authentication methods
  4. Configuring Self Service to use Federated Single Sign-On
NetBackup™ Self Service Configuration Guide

Configuring Self Service to use Federated Single Sign-On

Self Service supports Federated Single Sign-On through the WS-Federation Passive Protocol. It is implemented with Microsoft Windows Identity Foundation (WIF), and uses Security Assertion Markup Language (SAML) tokens for claims transfer. It does not, however, support the SAML2 Protocol, SAML-P.

When Self Service is installed, it is configured with Forms Authentication that requires the first logon to use the admin account.

To authenticate through the identity provider:

  1. Create users in the Self Service database, who correspond to users in the identity provider.
  2. Edit the Self Service appsettings.json file to enable federated single sign-on.
Create a user in Self Service

The User ID is used to identify users in Self Service. Claims are used to identify users in the identity provider. For authentication to succeed, users in Self Service must have a User ID that matches the value in one of the claims from the identity provider.

Self Service looks at the following claims when it attempts to find the Self Service user: Name, Email, Windows Account Name, and UPN. Typically Name and Windows Account Name have the format domain\username, and typically Email and UPN have the format username@domain.

You can enter Users through the portal or import in bulk, either directly from Active Directory or by a .CSV file.

Edit appsettings.json to enable Federated Single Sign-On

To change the appsettings.json file to enable federated single sign-on:

  1. Navigate to install_path\WebSite.
  2. Open appsettings.json with Notepad as Administrator.
  3. Find the <FederationAuthentication> section and set Enabled to true, and set Wtrealm and MetadataAddress to the desired values.
  4. Save the appsettings.json file.

If you have to switch back to Forms Authentication, edit the appsettings.json, and set the Enabled option to false in the FederationAuthentication section. One instance where you would switch back to Forms Authentication is to recover from a problem.

Log on to Self Service

To confirm that the system is fully configured for Federated logon:

  1. Close and re-open Internet Explorer
  2. Restart IIS
  3. Enter the URL of Self Service
  4. If your environment uses test certificates, accept the two certificate errors
  5. Enter the credentials for the previously created user. The user should successfully log on.

Feedback

Was this page helpful?
Previous

Active Directory Import

Next

Troubleshooting

Feedback

Was this page helpful?