Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Web UI Administrator's Guide
  5. Section IX. Managing security
  7. Configuring authentication options
  9. Configure user authentication with smart cards or digital certificates
  11. Configure smart card authentication with a domain
NetBackup™ Web UI Administrator's Guide

Configure smart card authentication with a domain

You can configure NetBackup to validate users with smart cards or certificates with an AD or an LDAP domain.

Note the following prerequisites:

  • Before you add the authentication method you must add the domain that is associated with your NetBackup users. See the NetBackup Security & Encryption Guide.

  • Ensure that you complete the role-based access control (RBAC) configuration for the NetBackup users before you configure smart card or certificate authentication.

    See Configuring RBAC.

To configure smart card authentication with a domain

  1. Sign in to the NetBackup web UI.
  2. At the top right, select Settings > Smart card authentication.
  3. Turn on Smart card authentication.
  4. Select the required AD or LDAP domain from the Select the domain option.
  5. Select a Certificate mapping attribute: Common name (CN) or Universal principal name (UPN).
  6. Optionally, enter the OCSP URI.

    If you do not provide the OCSP URI, the URI in the user certificate is used.

  7. Select Save.
  8. To the right of CA certificates, click Add.
  9. Browse for or drag and drop the CA certificates and click Add.

    Smart card authentication requires a list of trusted root or intermediate CA certificates. Add the CA certificates that are associated with the user digital certificates or the user smart cards.

    Certificate file types must be .crt, .cer, .der, .pem, or PKCS #7 format and less than 64KB in size.

  10. On the Smart card authentication page, verify the configuration information.

    After configuring smart card authentication, you must restart the NetBackup Web Management Console (nbwmc) service.

  11. Before users can use a digital certificate that is not installed on a smart card, the certificate must be uploaded to the browser's certificate manager.

    See the browser documentation for instructions or contact your certificate administrator for more information.

  12. When users sign in, they now see an option to Sign in with certificate or smart card.

    If you do not want users to have this sign-in option yet, turn off Smart card authentication. (For example, if all users do not yet have their certificates configured on their hosts.). The settings that you configured are retained even if you turn off smart card authentication.

    For such users, the domain name and domain type are smart card.

Feedback

Was this page helpful?
Previous

Configure user authentication with smart cards or digital certificates

Next

Configure smart card authentication without a domain

Feedback

Was this page helpful?