
NetBackup 10.3+ Offers Configuring Multiple Primary Servers Within a Single SAML IDP Application


Using Security Assertion Markup Language (SAML) with multiple domains of NetBackup just got a lot easier. Before NetBackup 10.3, the SAML vendor-defined primary service provider entity ID had to be bound to a single NBU Primary Server. SAML entity IDs must be a Uniform Resource Identifier (URI) and are used for federation/establishing trust between SAML and NetBackup. So, if someone wanted to configure multiple NetBackup primary servers in Okta's IDP, or any other IDP, an external application instance had to be created for every primary server, because each entity ID was unique to its primary server. If a user joining an organization needed access to all NetBackup primary servers, that user had to be added to every NetBackup primary server external IDP application. That added a lot of NetBackup and SAML administrative effort for customer Security teams.

Starting with NetBackup 10.3, it's now possible to configure the entity ID for each NetBackup Primary Server. The entity ID does not need to be resolvable in DNS. It can be any name in the format of a URL that you create to have the meaning you want. The same entity ID can also be used by multiple primary servers. This allows multiple primary servers to be added to a single external IDP application. The result is that NetBackup users can be granted access to all primary servers by simply assigning them to a single NetBackup external IDP application. This eliminates manual user additions to individual primary server external IDP applications.