Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Web UI Administrator's Guide
  5. Section II. Managing security
  7. Configuring authentication options
  9. Configure NetBackup for Single Sign-On (SSO)
  11. Enroll the NetBackup master server with the IDP
NetBackup™ Web UI Administrator's Guide

Enroll the NetBackup master server with the IDP

The NetBackup master server must be enrolled with the IDP as a service provider (SP). For step-by-step procedures that are specific to a particular IDP, see the following table:

Table: IDP-specific steps for enrolling the NetBackup master server

IDP name

Link to steps

ADFS

https://www.veritas.com/docs/100047744

Okta

https://www.veritas.com/docs/100047745

PingFederate

https://www.veritas.com/docs/100047746

Azure

https://www.veritas.com/docs/100047748

Shibboleth

https://www.veritas.com/docs/00047747

Enrolling an SP with an IDP typically involves the following operations:

Uploading the SP metadata XML file to the IDP

The SP metadata XML file contains the SP certificate, the entity ID, the Assertion Consumer Service URL (ACS URL), and a log out URL (SingleLogoutService). The SP metadata XML file is required by the IDP to establish trust, and exchange authentication and authorization information with the SP.

Mapping the SAML attributes to their AD or LDAP attributes

Attribute mappings are used to map SAML attributes in the SSO with its corresponding attributes in the AD or LDAP directory. The SAML attribute mappings are used for generating SAML responses, which are sent to the NetBackup master server. Ensure that you define SAML attributes that map to the userPrincipalName and the memberOf attributes in the AD or LDAP directory. The SAML attributes must adhere to the following formats:

Table:

Corresponding AD or LDAP attribute

SAML attribute format

userPrincipalName

username@domainname

memberOf

(CN=group name, DC=domainname)

Note:

While adding the IDP configuration to the NetBackup master server, the values entered for the user (-u) and user group (-g) options must match the SAML attribute names that are mapped to the userPrincipalName and the memberOf attributes in the AD or LDAP.

See Add and enable the IDP configuration.

Feedback

Was this page helpful?
Previous

Add and enable the IDP configuration

Next

Manage an IDP configuration

Feedback

Was this page helpful?