NetBackup 10.3+ Has RBAC Support for SAML Users/Groups Without a Domain Name
Customers asked and we listened. Starting with NetBackup 10.3, you no longer need to specify a domain name when configuring SAML groups/users in RBAC. NetBackup 8.X+ had been requiring SAML groups be configured in a groupname@domainname format like we have for Active Directory groups. Here's an example using a single domain user:
While many customer security organizations want groups bound to specific domains whenever possible, those of very large customers with dozens or hundreds of NetBackup domains and thousands of SAML groups/users do not. It makes their NetBackup SAML group management much harder. To make everyone's life easier, you now have a choice to use a user's domain name or not. NetBackup 10.3+ is now happy if SAML says a user is good to go from whatever domain they're in, as long as the group information is correct. Here's an example showing a user group name without a domain name: