Commvault users can be automatically created from SAML identity provider (IdP) responses. Users are identified by their email suffixes. After a user is automatically created, that user can be automatically added to a user group.
Before You Begin
Review the IdP response to determine the value sent in the NameID element. The expected value is either an email address or a user principal name (UPN).
Procedure
-
From the navigation pane, go to Manage > Security.
The Security page appears.
-
Click the Identity servers tile.
The Identity servers page appears.
-
In the Name column, click the name of the SAML application.
The SAML application properties page appears.
-
On the General tab, in the General section, move the Auto create user toggle key to the right.
-
To automatically add users to a user group, choose the user group:
-
Next to User group, click the Edit button
. -
From the User group list, select the user group to associate with the users who are automatically created.
-
Click Submit.
-
-
Next to NameID attribute, click the Edit button
. -
From the NameID attribute list, based on what is in the IdP response, select either Email or User Principal Name.
-
Click Submit.
-
On the Associations tab, in the Email suffixes section, click the Edit button
.The Edit association dialog box appears.
-
In the email suffixes box, enter an email suffix, and then click Add.
Note
You can add multiple email suffixes addresses. Separate each email suffix with a comma. For example, enter gmail.com,abccompany.com,outlook.com.
Only users associated with the email suffixes that you enter are automatically created.
-
Click Save.