Tech Corner: Single Sign On for CommVault

Those of us who use CommVault 7.0 know that every time you want to administer anything in CommVault, you have to log in to the CommVault GUI first. How nice would it be if you did not have to log in each time, but could automatically open the CommCell Console using your current desktop logon credentials?

Well, the Single Sign On feature in version 7.0 of CommVault can do just that. The Single Sign On feature enables users to log in to the CommServe using their user-account credentials from the Active Directory service provider, inheriting capabilities on the CommServe based on their Active Directory group membership. If the Single Sign On feature is enabled for this Active Directory domain, the login/password entry screen is bypassed, and the user is authenticated without having to enter any login/password information. Users can also launch the CommCell Console and select Cancel before the application initiates the login process. The username field is pre-populated if the user is connecting to the CommServe and the Active Directory domain they are currently logged into has been configured on the CommServe. Users also have the option to overwrite this username with other Active Directory user account credentials. When a username is entered with a domain name, the CommServe Server automatically recognizes that the password information must be authenticated by the external domain server.

Before the Single Sign On feature can be used, users must provide the information required to communicate with the Active Directory service provider (such as domain name, hostname of directory server, directory service type, username and password) so that it will be maintained in the CommServe database for authentication purposes. To do this, you must Add a New Domain Controller, which registers the external domain with the CommServe Server. Once you enter this information, you, or a CommServe administrator, must associate certain external domain user groups (domain name\user group) with a user group defined in the CommServe. This will provide the external domain users access to the CommCell entities. For more information, see Add a New External User Group. Note that the CommServe user group must have Browse capabilities in order for the Single Sign On feature to work properly.

Once these steps are taken, you should be able to close the CommCell Console and start it again, and this time it should automatically log you in with your credentials.

Add a New Domain Controller
1. From the CommCell Browser, click the Security icon, and right-click on the Name Servers icon. From the popup menu, select Add New Domain.

2. Enter the appropriate information in the Add New Domain Controller dialog box. You will need to enter the following information:

  • Domain Name: Enter the NetBIOS name, not the Fully Qualified Domain Name (FQDN).
  • Directory Server Host Name
  • User Account: Click Edit to enter the user account information for the external domain.

Upon entering this information, you will need to determine whether the domain controller should be enabled for the Single Sign On (SSO) feature and/or disabled for use.

3. Click OK.

NOTES

You can also access the Add New Domain Controller dialog box from the CommCell Console's Action dropdown menu.

Add a New External User Group

1. From the CommCell Browser, click the Security icon and expand all the nodes.

2. Click on the external domain for which you want to add an external user group, and right-click on the External Group icon.

3. From the Add New External Group dialog box, select the external user group with which you want to associate the CommCell user groups. Note that the external user group that you select must have its Group Scope defined as Global. This can be verified in the external domain’s interface; check the external user group’s properties. This will prevent any conflicts that may arise during Single Sign On login for an external domain user when this user and corresponding external domain user groups reside in child and parent domains.

4. Select the CommCell user groups to associate with the specified external user group.

5. Click OK.
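
A pre-flight check for the two requirements above (NetBIOS domain name, Global group scope), plus a listing of who will inherit CommCell capabilities through each mapped group. This is an added example, not part of the original article or CommVault's documentation; it assumes the ActiveDirectory PowerShell module is available on the workstation, and the group names are placeholders.

```powershell
# Added example: checks to run before associating AD groups with CommCell user groups.
# Assumes the ActiveDirectory module (RSAT) is installed; group names are placeholders.
Import-Module ActiveDirectory

$groupsToMap = @('Backup-Admins', 'Backup-Operators')   # hypothetical group names

# 1. The Domain Name field expects the NetBIOS name, not the FQDN.
$domain = Get-ADDomain
"NetBIOS name to enter : {0}" -f $domain.NetBIOSName
"FQDN (do not enter)   : {0}" -f $domain.DNSRoot

foreach ($name in $groupsToMap) {
    try {
        $group = Get-ADGroup -Identity $name -ErrorAction Stop
    } catch {
        Write-Warning "Group '$name' not found in $($domain.NetBIOSName)"
        continue
    }

    # 2. The external user group must have Group Scope = Global.
    if ($group.GroupScope -ne 'Global') {
        Write-Warning ("{0}\{1} has scope {2}; Single Sign On needs Global" -f `
            $domain.NetBIOSName, $group.Name, $group.GroupScope)
    }

    # 3. Every member, including nested ones, inherits the capabilities of the
    #    associated CommCell user group, so list the effective user accounts.
    $members = Get-ADGroupMember -Identity $group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        Sort-Object SamAccountName

    [pscustomobject]@{
        ExternalGroup = '{0}\{1}' -f $domain.NetBIOSName, $group.Name
        Scope         = $group.GroupScope
        Category      = $group.GroupCategory
        UserCount     = @($members).Count
        Users         = ($members.SamAccountName -join ', ')
    }
}
```

Review the Users column before clicking OK in step 5: with Single Sign On enabled, each listed account reaches the CommCell Console without a separate login prompt.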

EAGLE distributes a full line of storage and backup products including tape library backup solutions, backup and recovery software packages, and SAN and NAS storage solutions. EAGLE also provides pre-sales evaluation and design, integration and support services.

For more information on EAGLE's products and services, contact: EAGLE Software, 123 Indiana Ave., Salina, KS 67401; Phone (800) 477-5432; Fax: (785) 823-6185; email: contact@eaglesoft.com; website: http://www.storagebyeagle.com.
