Showing results for 
Search instead for 
Did you mean: 

NetBackup 10.3+ Has RBAC Support for SAML Users/Groups Without a Domain Name

Level 4

SAML Groups.jpg

Customers asked and we listened. Starting with NetBackup 10.3, you no longer need to specify a domain name when configuring SAML groups/users in RBAC. NetBackup 8.X+ had been requiring SAML groups be configured in a groupname@domainname format like we have for Active Directory groups. Here's an example using a single domain user:

Domain User.jpg

While many customer security organizations want groups bound to specific domains whenever possible, those of very large customers with dozens or hundreds of NetBackup domains and thousands of SAML groups/users do not. It makes their NetBackup SAML group management much harder. To make everyone's life easier, you now have a choice to use a user's domain name or not. NetBackup 10.3+ is now happy if SAML says a user is good to go from whatever domain they're in, as long as the group information is correct. Here's an example showing a user group name without a domain name:

Group Assignment 1.jpg