Automatically Creating Users from a SAML Response


Commvault users can be automatically created from SAML identity provider (IdP) responses. Users are identified by their email suffixes. After a user is automatically created, that user can be automatically added to a user group.

Before You Begin

Review the IdP response to determine the value sent in the NameID element. The expected value is either an email address or a user principal name (UPN).


  1. From the navigation pane, go to Manage > Security.

    The Security page appears.

  2. Click the Identity servers tile.

    The Identity servers page appears.

  3. In the Name column, click the name of the SAML application.

    The SAML application properties page appears.

  4. On the General tab, in the General section, move the Auto create user toggle key to the right.

  5. To automatically add users to a user group, choose the user group:

    1. Next to User group, click the Edit button .

    2. From the User group list, select the user group to associate with the users who are automatically created.

    3. Click Submit.

  6. Next to NameID attribute, click the Edit button .

  7. From the NameID attribute list, based on what is in the IdP response, select either Email or User Principal Name.

  8. Click Submit.

  9. On the Associations tab, in the Email suffixes section, click the Edit button .

    The Edit association dialog box appears.

  10. In the email suffixes box, enter an email suffix, and then click Add.

    Note: You can add multiple email suffixes addresses. Separate each email suffix with a comma. For example, enter,,

    Only users associated with the email suffixes that you enter are automatically created.

  11. Click Save.

Mapping SAML Attributes