This article explains how to configure SAML-based SSO and role-based access control (RBAC) for Insight Archiving users using the Microsoft Entra ID SSO app.
To configure SAML-based SSO and RBAC for Insight Archiving users using Microsoft Entra ID:
- Enable Role-Based Claims in Arctera Insight Management Console:
  - Access the Arctera Insight Management console and navigate to Policy Management > Authentication Management.
  - Set Role-Based Claims Allowed to Yes.
- Configure Claim Mapping in Microsoft Entra ID:
  - Access Entra ID Admin Center and navigate to the application created for Insight Archiving SSO in Entra ID.
  - Add a new claim to the application as below and save the claim.
    - Name: approle
    - Namespace: http://schemas.xmlsoap.org/ws/2005/05/identity/claims
    - Source attribute: user.assignedroles
- Define Application Roles in Entra ID:
  - Navigate to App Registration and open the SSO application.
  - Navigate to App roles and click Create app role.
  - Enter the Display name of the app role.
  - Set Allowed member types to Users/Groups.
  - Set Value to SystemAdministrator.
  - Check the box 'Do you want to enable this app role?' and click Apply.
Enter the value that corresponds to the role to be associated with the user. The table below lists the Insight Archiving built-in roles and the value to enter for each in the configuration.
| PrivilegeGroupName | Value |
| --- | --- |
| Account Manager | AccountManager |
| Archive Collections Manager | ArchiveCollectionsManager |
| Continuity Manager | ContinuityManager |
| eDiscovery Administrator | eDiscoveryAdministrator |
| Policy Manager | PolicyManager |
| Retention Manager | RetentionManager |
| Role Manager | RoleManager |
| System Administrator | SystemAdministrator |
| Classification Administrator | ClassificationAdministrator |
- Assign Roles to Users or Groups associated with this application:
  - In the Enterprise Applications section, select the Insight Archiving application.
  - Click Users and groups. Select the user to whom this permission needs to be assigned and click Edit Assignment.
  - Click Select a role | None selected.
  - Select the role that has been created for the assignment. In this example, the role of SystemAdmin is being assigned.
  - Click Select, and then click Assign.
- Verify that users can log in to the Insight Archiving portal via SSO and receive the appropriate role-based access:
  - The user can log in to the Insight Archiving Management Portal using the SSO URL. The assigned role should be automatically applied on the Insight Archiving side.
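
To support the verification step, the following added example (not part of the original article or any Arctera tooling) decodes a SAMLResponse captured from your own test sign-in and checks the approle claim against the Value column of the built-in role table. The sample response, the function names, and the exact case-sensitive comparison are assumptions of this example, and it does not validate the assertion signature.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Entra ID emits the claim as Namespace + "/" + Name from the claim mapping step.
APPROLE_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/approle"
# "Value" column of the built-in role table in this article.
BUILT_IN_ROLES = {
    "AccountManager", "ArchiveCollectionsManager", "ContinuityManager",
    "eDiscoveryAdministrator", "PolicyManager", "RetentionManager",
    "RoleManager", "SystemAdministrator", "ClassificationAdministrator",
}

def approle_values(saml_response_b64):
    """Return the approle values in a base64 SAMLResponse (HTTP-POST binding)."""
    xml = base64.b64decode(saml_response_b64)
    # A SAML response never needs a DTD; refuse it instead of parsing entities.
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD or entity declaration in SAML response")
    root = ET.fromstring(xml)
    values = []
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") == APPROLE_CLAIM:
            for v in attr.iterfind("saml:AttributeValue", SAML_NS):
                values.append((v.text or "").strip())
    return values

def check_roles(saml_response_b64):
    """Split emitted role values into built-in matches and everything else."""
    # Assumption of this example: values are compared exactly, case-sensitively.
    values = approle_values(saml_response_b64)
    unmatched = [v for v in values if v not in BUILT_IN_ROLES]
    matched = [v for v in values if v in BUILT_IN_ROLES]
    return {"claim_present": bool(values), "matched": matched, "unmatched": unmatched}

def sample_response(*roles):
    """Build a constructed, unsigned SAMLResponse carrying the given role values."""
    vals = "".join(f"<saml:AttributeValue>{r}</saml:AttributeValue>" for r in roles)
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           f'<saml:AttributeStatement><saml:Attribute Name="{APPROLE_CLAIM}">{vals}'
           '</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    # Second value uses the display name instead of the Value column entry.
    print(check_roles(sample_response("SystemAdministrator", "System Administrator")))
```

An empty `matched` list or `claim_present` of `False` points back to the claim mapping or the app role Value in Entra ID rather than to the Insight Archiving side.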