Solved

How to enforce SAML login for CommCell Console

  • September 27, 2022
  • 6 replies
  • 1100 views

  • Commvault Certified Expert
  • 3 replies

I have a customer who has configured SAML within their environment that’s currently on 11.28 (2022E). If they log in via the Web Console/Command Center, the SAML authentication is required. Local users are unable to access the environment. However, when logging in via the CommCell Console, users are able to authenticate using either local accounts or SAML and access the environment.

Is there any way to enforce the use of only SAML on the CommCell Console and not allow local users to authenticate successfully?

Best answer by Amey Karandikar

You can try this setting


6 replies

MFasulo
Vaulter
  • Vaulter
  • 175 replies
  • September 28, 2022

  • Vaulter
  • 62 replies
  • September 28, 2022

@BSircy - Please take a look at the following additional setting.

https://documentation.commvault.com/additionalsetting/details?name=forceSAMLLogin


You can try this setting


  • Vaulter
  • 53 replies
  • September 29, 2022
NVFD411 wrote:

@BSircy - Please take a look at the following additional setting.

https://documentation.commvault.com/additionalsetting/details?name=forceSAMLLogin

This setting is only for Command Center and Web Console, not the Java GUI. The correct answer is from Amey above. We will look to document the correct key for this use case.


  • Author
  • Commvault Certified Expert
  • 3 replies
  • September 29, 2022

@Amey Karandikar that key worked. The only potential issue there is if SAML or AD is broken, there is no way to access the environment. Is there a way to either remove the additional setting outside of the GUI or allow a local admin account (not domain accounts) access?


  • Vaulter
  • 53 replies
  • September 29, 2022
BSircy wrote:

@Amey Karandikar that key worked. The only potential issue there is if SAML or AD is broken, there is no way to access the environment. Is there a way to either remove the additional setting outside of the GUI or allow a local admin account (not domain accounts) access?

This key can be applied at multiple entities: it can be set at the user, user group, company, or CommCell level.

My suggested approach would be to apply this at a group level - and have a secured local “break glass” account that is not a part of the group. So in your scenario you would always have a backup account you can log in with.

