I have configured MFA in Commvault before V11 FR24, at that time it is required to have functioning mail address to send secret key, that can can be used in Microsoft or Google authenticator., and I have also uses SAML and ADFS based MFA, but again they also depends on Azure AD or tools like okta to generate PIN.
i read in one community post, from FR25 we can use accounts with QR code, and our admin accounts are not configured with mailboxes, and they don’t forward emails to user mailboxes.
we are using Microsoft authenticator for PIN generation, and Commvault is generating QR code for accounts with mailboxes, but not for accounts without mailboxes.
I have checked and documentation for FR25 states the following requirements:
Configuring an Email Server
Assigning Email Addresses to CommCell Users
Synchronizing the System Time on the CommServe Computer
Optional: Customizing the PIN and Secret Key Emails Sent to Users
Also checked FR26, same requirements. So it seems you still need an e-mail address configured.
I have not tested though with users which are synced from an Identity Server such as AD and so on. In that situation you will automatically get users imported at logon, that being said as far as I know QR codes are only supported for local commcell users, not for SAML users. SAML users need the secret key provided in the very first e-mail to configure a tool to generate a PIN code.
I have checked and documentation for FR25 states the following requirements:
Configuring an Email Server
Assigning Email Addresses to CommCell Users
Synchronizing the System Time on the CommServe Computer
Optional: Customizing the PIN and Secret Key Emails Sent to Users
Also checked FR26, same requirements. So it seems you still need an e-mail address configured.
I have not tested though with users which are synced from an Identity Server such as AD and so on. In that situation you will automatically get users imported at logon, that being said as far as I know QR codes are only supported for local commcell users, not for SAML users. SAML users need the secret key provided in the very first e-mail to configure a tool to generate a PIN code.
sorry the delayed reply, after upgrading to 26, we are able to configure MFA for admin accounts from AD without working email addresses, and we were able to successfully test MFA with DOU as well. can you please request documentation to be updated with DOU or provide some info on why Commvault suggests to use Microsoft or Google authenticator?
We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.
