About single sign-on (SSO) configuration

You can configure single sign-on (SSO) with any identity provider (IDP) that uses the SAML 2.0 protocol for exchanging authentication and authorization information. Note that you can configure an IDP with more than one Cohesity product. For example, the same IDP can be configured with NetBackup and with APTARE.

Note the following requirements and limitations:

To use SSO, you must have a SAML 2.0 compliant identity provider configured in your environment.
Only identity providers that use AD or LDAP directory services are supported.
Configuration of the IDP requires the NetBackup APIs or the NetBackup command nbidpcmd.
SAML users cannot use the APIs. API keys are used to authenticate a user and therefore cannot be used with a SAML-authenticated user.
Global logout is not supported.

Figure: Example NAT configuration: Identity provider in a private network

Figure: Example NAT configuration: Primary server in a private network

Figure: Example configuration: Primary server and identity provider in same network

Figure: Example configuration: Primary server in private network and identity provider in public network

About single sign-on (SSO) configuration

Feedback

Feedback