Hi all, just looking for some advice. I have a CommCell that had SSO enabled for years and I can see all the local Support Team accounts under users in the CommCell. I have disabled SSO on the AD domain’s configured and now I am planning on setting up MFA. My thinking is to do the following Create an MFA group Enabled MFA for above group. Create new CV only local accounts for CV Admin staff and add these to the MFA group.Q, is this what others out there are doing ? also for old SSO accounts, can these be added to the MFA group so they can't logon and more with MFA. Thanks

Question

MFA Best Practices

4 months ago
October 17, 2024
3 replies
130 views

atitagain
Byte
44 replies

Hi all,

just looking for some advice.

I have a CommCell that had SSO enabled for years and I can see all the local Support Team accounts under users in the CommCell.

I have disabled SSO on the AD domain’s configured and now I am planning on setting up MFA.

My thinking is to do the following

Create an MFA group
Enabled MFA for above group.
Create new CV only local accounts for CV Admin staff and add these to the MFA group.

Q, is this what others out there are doing ? also for old SSO accounts, can these be added to the MFA group so they can't logon and more with MFA.

Thanks

atitagain
Author
Byte
44 replies
4 months ago
October 17, 2024

additionally, while testing MFA I see that a user gets prompted for PIN when using the CommCell Console but for the Command Center its still using SSO even though the SSO tick box is unticked on the domain.

+11

Pradeep
Vaulter
235 replies
4 months ago
October 18, 2024

Hi @atitagain ,

You may proceed to follow the above POA to create specific group and enable MFA only for the required group.
However, these configuration are customer environment specific and it depends on how the security features are designed at site to accessing the application while using domain login.

Check if below additional settings are added on web console client properties if its added kindly disable and restart tomcat service once and check login status.

Name	bEnableCvAccountsSSO
Category	WebConsole
Type	BOOLEAN
Value	true

+11

Pradeep
Vaulter
235 replies
4 months ago
October 18, 2024

you may also refer below document and update additional settings as shown in document and change value to 0 to disable SSO

https://documentation.commvault.com/additionalsetting/details?name=SecurityProtocol&_gl=1*12i5cr8*_gcl_au*MTMzMTIzMTc4Ny4xNzIyMjM1OTA4

Reply

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos

Reply

Related topics

Volume level not set properly via Google Assistanticon

Sony A9G Sound Set-Up with Sonos Playbase & Comcast xFinity x1 Cable Box

Google Assistant making Arc volume go to 100 despite what I tell it

Sonos Beam & GA - Controlling Volumeicon

alexa voice assistant is too energetic.icon

Most helpful members this week

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings