Users who are authenticated by the RADIUS server must be created in the Commvault software before they can be authenticated. When you add a RADIUS user account, you can assign the account to the available user groups or leave the account unassigned.
Before You Begin
-
You must have appropriate permissions to create an external user. For information on permissions, see Permissions and Permitted Actions by Feature.
-
Add the RADIUS server. For information, see Adding a RADIUS Server.
Procedure
-
From the CommCell Browser, go to Security > Domains > radius_server_name, right-click Users and select New User.
The New User Properties dialog box is displayed.
-
In the User Name box, enter the user name that will be sent to the RADIUS server for authentication.
-
In the Full Name field, enter the complete name of the user.
-
In the Email ID field, enter the user's email address.
-
To control the access of the user, do one of the following:
-
On the User Group tab, add the user to a user group and then create a security association on the user group.
For information on creating security associations on a user group, see Administering the Security Associations of a User Group.
-
On the Associated Entities tab, create a security association.
For information on creating security associations directly on a user, see Administering the Security Associations of a User.
-
-
Click OK.
Result
When RADIUS users log on, they must use the following format: RADIUS_server_name\user_name, for example, CVRAD1\jsmith. If two-factor authentication is enabled on the RADIUS server, users are presented with a log on window where they can enter a one-time password (OTP).