Solved

Is it possible to enable SSO for specific users or groups when 2FA is enabled?



Hi everyone,

We enabled 2FA on our customer’s environment and we disabled SSO. The customer is using one specific domain user for Delphix, and it connects to the Commvault environment with SSO.

https://docs.delphix.com/docs537/delphix-administration/sql-server-environments-and-data-sources/virtualizing-databases-using-delphix-with-sql-server/managing-sql-server-dsources/additional-dsource-topics/linking-a-dsource-from-a-commvault-sql-server-backup

We don’t want to enable SSO because of the 2FA.

https://documentation.commvault.com/11.24/expert/7907_enabling_two_factor_authentication_at_commcell_level_in_commcell_console_administrator.html

Is it possible to enable SSO only for this specific domain user with additional settings or something?

Best answer by ibrahimemrekaya 13 May 2022, 08:27


3 replies


Hi,

Commvault’s answer:

Using the SSO it is not possible to use the Two Factor Authentication.

If you need to use the 2FA then you need to disable the SSO. There is no way to use both the settings in Commcell Environment.

https://documentation.commvault.com/11.24/essential/107051_enabling_two_factor_authentication_at_company_level_administrator.html

https://documentation.commvault.com/11.24/essential/107055_enabling_two_factor_authentication_at_commcell_level_administrator.html


Hi,

Thank you for your reply. Actually, we enabled it at group level. We followed these steps:

https://documentation.commvault.com/11.24/expert/107055_enabling_two_factor_authentication_at_commcell_level_administrator.html

We enabled 2FA only for 2 domain groups. But when we enabled SSO, 2FA is not working for these groups. It automatically logs in to the console.


I think the only way to accomplish this is by configuring it the other way around. Disable 2FA force on CommCell level and enable it on group level so you can still leverage SSO.