Enterprise Vault™ Installing and Configuring

Last Published:
Product(s): Enterprise Vault (15.1)
  1. About this guide
    1.  
      When to use this guide
    2.  
      Introducing this guide
    3. Where to get more information about Enterprise Vault
      1.  
        Enterprise Vault training modules
  2. Section I. Enterprise Vault requirements
    1. Enterprise Vault hardware requirements
      1. Hardware requirements for Enterprise Vault server
        1.  
          Running Enterprise Vault on a virtual server
        2.  
          Additional processing capacity for initial archiving
      2.  
        Hardware requirements for SQL Server
      3.  
        Network requirements for Enterprise Vault
      4. About the storage requirements for Enterprise Vault
        1. Storage for vault stores
          1.  
            Preparing WORM storage devices
          2.  
            Required amount of storage for vault stores
          3.  
            Migration of archived data to secondary storage
        2.  
          Storage for Enterprise Vault indexes
        3.  
          Storage for Enterprise Vault index snapshot location
        4. Storage requirements for SQL databases
          1.  
            Storage required for the Enterprise Vault Directory database
          2.  
            Storage required for the vault store databases
          3.  
            Storage required for the fingerprint databases
          4.  
            Storage required for the Monitoring database
          5.  
            Storage required for the FSA Reporting databases
          6.  
            Storage required for the audit database
        5.  
          Storage requirements for the Enterprise Vault cache folder
        6.  
          Local storage requirements for temporary files
        7.  
          TEMP folder security requirements
        8.  
          Granting additional users and groups access to the TEMP folder
    2. Enterprise Vault required software and settings
      1.  
        About the Enterprise Vault required software and settings
      2.  
        About valid computer names for Enterprise Vault servers
      3.  
        About the Enterprise Vault Deployment Scanner
      4. Basic software requirements for Enterprise Vault
        1. Required operating system components for Enterprise Vault
          1.  
            Installing MSMQ
          2. Internet Information Services (IIS)
            1.  
              Enterprise Vault requirements for IIS
          3.  
            PowerShell
          4.  
            MSXML
          5.  
            Windows IFilter
        2.  
          SQL Server software
        3.  
          SQLXML
        4.  
          Net.Tcp port sharing on Index Servers
      5. Best practice settings for Enterprise Vault servers
        1.  
          Message queue cleanup interval: MessageCleanupInterval
        2.  
          Message queue message storage limit: MachineQuota
        3.  
          Disable opportunistic locking: OplocksDisabled
        4.  
          Disable loopback check: DisableLoopbackCheck
        5.  
          Disable strict name checking: DisableStrictNameChecking
        6.  
          Maximum Outlook attachments and recipients: AttachmentMax and RecipientMax
        7.  
          TCP/IP maximum ports and TCP timed wait delay
      6. Preinstallation tasks for Enterprise Vault server
        1.  
          Creating the Vault Service account
        2.  
          Creating a SQL login account
        3. About assigning permissions and roles in SQL databases
          1.  
            Assigning permissions and roles in SQL Server databases
        4.  
          Assigning the required SQL Server roles and permissions to an Active Directory group
        5.  
          Locking down Enterprise Vault SQL databases
        6.  
          Creating Enterprise Vault DNS aliases
        7.  
          Turning off or reconfiguring Windows Firewall
        8.  
          Securing data locations
        9.  
          About User Account Control (UAC)
    3. Additional requirements for Operations Manager
      1.  
        About additional requirements for Operations Manager
      2.  
        Where and when to install Operations Manager
      3.  
        Additional required software for Operations Manager
      4.  
        Additional preinstallation tasks for Operations Manager
    4. Additional requirements for classification
      1.  
        Prerequisites for classification
      2.  
        Roles-based administration (RBA) and the classification feature
    5. Additional requirements for Enterprise Vault Reporting
      1.  
        About the requirements for Enterprise Vault Reporting
      2.  
        Where and when to install Enterprise Vault Reporting
      3.  
        Prerequisites for Enterprise Vault Reporting
      4.  
        Enterprise Vault reports that require monitoring or auditing to be enabled
      5.  
        Preparing for the installation of Enterprise Vault Reporting
    6. Additional requirements for Exchange Server archiving
      1.  
        About Exchange Server archiving
      2. Preinstallation tasks for Exchange server archiving
        1.  
          Installing Outlook on the Enterprise Vault server
        2.  
          Creating the Enterprise Vault system mailbox
        3.  
          Removing the restriction on NSPI connections to a Windows Server domain controller
        4.  
          Creating a user profile on the Enterprise Vault server
        5.  
          Creating a mailbox for the Vault Service account
        6.  
          Configuring the Exchange throttling policy on the Vault Service account
        7.  
          Granting the Vault Service account Send As permission on the system mailboxes
        8. Assigning Exchange Server permissions to the Vault Service account
          1.  
            Microsoft Exchange permissions assigned to the Vault Service account
      3. Enterprise Vault client access with Exchange Server archiving
        1.  
          Requirements for the Enterprise Vault Outlook Add-In
        2.  
          Requirements for Enterprise Vault Client for Mac OS X
        3.  
          Requirements for the Enterprise Vault Office Mail App
        4.  
          Requirements for OWA
        5.  
          Customized shortcuts
        6.  
          Browser-based access to archives
    7. Additional requirements for Domino Server archiving
      1.  
        Domino Server archiving requirements for all Enterprise Vault servers
      2. Requirements for Domino mailbox archiving
        1.  
          Required software for Enterprise Vault Domino Gateway
        2.  
          Required software for target Domino mail servers
        3.  
          Requirements for Enterprise Vault extensions for Notes clients
        4.  
          Preinstallation tasks for Domino mailbox archiving
        5. Register the Enterprise Vault Domino Gateway
          1.  
            Configuring the Internet port on the Enterprise Vault Domino Gateway
          2.  
            Configuring server security for the Enterprise Vault Domino Gateway
          3.  
            Configuring Single Sign-On on the Enterprise Vault Domino Gateway
          4.  
            Configuring Time-based One-Time Password on the Enterprise Vault Domino Gateway
          5.  
            Clustering Enterprise Vault Domino Gateway servers
          6.  
            Configuring an alias URL for web connections to the Enterprise Vault Domino Gateway server
        6. About the user ID for Domino mailbox archiving
          1.  
            Creating the Domino archiving user
          2.  
            Granting the Domino archiving user access to all mail files
        7.  
          Configuring the server document for each target Domino mail server
        8.  
          Install and configure Enterprise Vault Domino Gateway
      3. Requirements for Domino journaling archiving
        1. Requirements for Enterprise Vault archiving from Domino Journaling databases
          1.  
            Support for Enterprise Vault archiving from clustered Domino journal databases
        2.  
          Configuring access for Enterprise Vault to Domino domain, server, and Journaling location
        3.  
          Domino mailing list groups
        4.  
          Client access for Domino journal archiving
    8. Additional requirements for File System Archiving (FSA)
      1.  
        About the requirements for FSA
      2.  
        Enterprise Vault server requirements for FSA
      3. About FSA shortcuts
        1.  
          Placeholder shortcut requirements
      4.  
        About the FSA Agent
      5.  
        Preparing file servers for FSA
      6.  
        Client requirements for FSA
    9. Additional requirements for SharePoint Server archiving
      1.  
        About the Enterprise Vault server requirements for SharePoint Server archiving
      2. Requirements for SharePoint Servers
        1.  
          About SharePoint security certificates
    10. Additional requirements for Skype for Business Archiving
      1.  
        About the requirements for Skype for Business Archiving
      2.  
        Prerequisites for Skype for Business Archiving
      3.  
        Roles-based administration (RBA) and Skype for Business Archiving
      4.  
        Assigning the permissions required for exporting conversations from Skype for Business
    11. Additional requirements for SMTP Archiving
      1.  
        Additional requirements for Enterprise Vault SMTP servers
    12. Additional requirements for Enterprise Vault Search
      1.  
        Server requirements for Enterprise Vault Search
      2. Requirements for installing Enterprise Vault Search Mobile edition on a proxy server
        1.  
          Disabling unsafe cryptographic protocols and cipher suites
    13. Additional requirements for a standalone Enterprise Vault Administration Console
      1.  
        About the requirements for a standalone Enterprise Vault Administration Console
    14. Additional requirements for the Archive Discovery Search Service
      1.  
        About additional requirements for the Archive Discovery Search Service
      2.  
        Additional required software for the Archive Discovery Search Service
      3.  
        Configuring SSL for the Archive Discovery Search Service
      4.  
        Using Operations Manager to monitor the Archive Discovery Search Service
    15. Additional requirements for Single Sign-On
      1.  
        Configuring Single Sign-On
  3. Section II. Installing Enterprise Vault
    1. Licenses and license keys
      1.  
        Overview of Enterprise Vault licensing
      2.  
        Obtaining license keys for Enterprise Vault
      3.  
        Installing Enterprise Vault license key files
      4.  
        Replacing Enterprise Vault licenses and installing additional licenses
    2. Installing Enterprise Vault
      1.  
        About installing Enterprise Vault
      2.  
        Installing Enterprise Vault (wizard)
      3.  
        Installing Enterprise Vault (command line)
    3. Repairing, modifying, or uninstalling Enterprise Vault
      1.  
        About repairing, modifying, or uninstalling Enterprise Vault
      2.  
        Modifying Enterprise Vault
      3.  
        Repairing Enterprise Vault
      4.  
        Uninstalling Enterprise Vault
  4. Section III. Configuring Enterprise Vault
    1. About configuring Enterprise Vault
      1.  
        About configuring Enterprise Vault
    2. Running the Enterprise Vault configuration wizard
      1.  
        When to run the Enterprise Vault configuration wizard
      2.  
        What the Enterprise Vault configuration wizard does
      3.  
        Running the Enterprise Vault configuration wizard
      4.  
        Troubleshooting configuration of the Enterprise Vault Monitoring database
      5.  
        Troubleshooting default SSL configuration issues
    3. Securing Enterprise Vault Web Access components
      1.  
        Default security for the Enterprise Vault Web Access components
      2.  
        Customizing the port or protocol for the Enterprise Vault Web Access components
      3.  
        Customizing authentication for the Enterprise Vault Web Access components
      4. Customizing security for the Web Access components on client computers
        1.  
          Configuring Internet Explorer to use the proxy bypass list
        2.  
          Configuring a web browser to trust the Enterprise Vault Web Access components
        3.  
          Publishing Enterprise Vault server details to USGCB-compliant computers
        4.  
          Enabling remote access to the Enterprise Vault Web Access computer
      5.  
        Encrypting session cookies
    4. Running the Enterprise Vault Getting Started wizard
      1.  
        What the Enterprise Vault Getting Started wizard does
      2.  
        Preparing to run the Enterprise Vault Getting Started wizard
      3.  
        Running the Enterprise Vault Getting Started wizard
      4. About the express and custom modes of the Enterprise Vault Getting Started wizard
        1. About indexing configuration with the Enterprise Vault Getting Started wizard
          1.  
            Automatic indexing configuration in express mode
        2. About storage configuration with the Enterprise Vault Getting Started wizard
          1.  
            Storage configuration information you must supply in express mode
          2.  
            Automatic storage configuration in express mode
        3.  
          About policy definition with the Enterprise Vault Getting Started wizard
        4.  
          About Exchange target configuration with the Enterprise Vault Getting Started wizard
        5.  
          About Domino target configuration with the Enterprise Vault Getting Started wizard
        6.  
          About file target configuration with the Enterprise Vault Getting Started wizard
      5.  
        Planning for the Enterprise Vault Getting Started wizard
    5. Configuring Enterprise Vault Operations Manager
      1.  
        When to run the Enterprise Vault Operations Manager Configuration utility
      2.  
        Running the Enterprise Vault Operations Manager Configuration utility
      3.  
        Accessing Enterprise Vault Operations Manager
      4.  
        Troubleshooting Enterprise Vault Operations Manager
    6. Configuring the Archive Discovery Search Service
      1.  
        Before you begin
      2.  
        Running the Archive Discovery Search Service configuration wizard
      3.  
        Manually configuring the request endpoint for the Archive Discovery Search Service
      4.  
        Manually configuring a result endpoint for the Archive Discovery Search Service
  5. Section IV. Initial Enterprise Vault setup
    1. Initial Enterprise Vault setup
      1.  
        License keys
      2. Using the Enterprise Vault Administration Console
        1.  
          Starting the Enterprise Vault Administration Console
        2.  
          About administration roles in the Enterprise Vault Administration Console
      3.  
        Adding core Enterprise Vault services with the Administration Console
      4. Creating Enterprise Vault retention categories
        1.  
          About the properties of Enterprise Vault retention categories
        2.  
          About retention plans
        3.  
          Creating retention plans
      5.  
        Performance issues when Enterprise Vault has limited or no access to the Internet
    2. Setting up storage
      1.  
        About setting up storage for Enterprise Vault archives
      2. About Enterprise Vault single instance storage
        1.  
          About sharing levels and sharing boundaries
        2.  
          How Enterprise Vault single instance storage works
        3.  
          About the fingerprint database
        4.  
          Deletion of SIS parts
        5.  
          Requirements for Enterprise Vault single instance storage
        6.  
          About Centera device-level sharing
        7.  
          About sharing partitions on storage devices that support the Enterprise Vault storage streamer API
      3.  
        Developing a suitable sharing regime for Enterprise Vault single instance storage
      4.  
        Creating vault store groups
      5. About creating vault stores
        1. About Enterprise Vault safety copies
          1.  
            Choosing when to remove Enterprise Vault safety copies
          2.  
            Checking that the partition has been backed up before Enterprise Vault removes safety copies
          3.  
            Using the archive attribute to determine whether a partition has been backed up
          4.  
            Using the trigger file mechanism to determine whether a partition has been backed up
        2.  
          Creating a vault store
      6. Creating vault store partitions
        1. Initial states of vault store partitions
          1.  
            About closed Enterprise Vault partitions
        2. About collections and migration
          1.  
            Collections on Dell EMC Centera devices
        3.  
          Creating a standard vault store partition
        4.  
          Setting up smart partitions
        5.  
          Partition network shares for NTFS partitions with local paths
      7.  
        Configuring sharing for a vault store group
    3. Configuring index locations
      1.  
        About Enterprise Vault index location
      2.  
        Creating an Enterprise Vault index location
    4. Setting up Index Server groups
      1.  
        About Index Server groups
      2. Do I need to create Index Server groups?
        1.  
          Do you have more than one Enterprise Vault server?
        2.  
          Do you use or plan to use journal archiving or File System Archiving?
        3.  
          Do you use or plan to use Compliance Accelerator or Discovery Accelerator?
        4.  
          Is the server loading evenly distributed across existing Enterprise Vault servers?
        5.  
          Are there more than approximately 5,000 mailbox archives per Enterprise Vault server?
      3.  
        Creating an Index Server group
      4.  
        Adding an Index Server to an Index Server group
      5.  
        Removing an Index Server from an Index Server group
      6.  
        Assigning a vault store to an Index Server group
      7.  
        Unassigning a vault store from an Index Server group
      8.  
        Assigning a vault store to a different indexer
    5. Reviewing the default settings for the site
      1. Reviewing the default settings for the Enterprise Vault site
        1.  
          Setting the archiving schedule for the Enterprise Vault site
        2.  
          About the Web Access application settings
    6. Setting up Enterprise Vault Search
      1.  
        About Enterprise Vault Search
      2.  
        Defining search policies for Enterprise Vault Search
      3.  
        Allowing privileged Enterprise Vault Search users to restore items to other users' mailboxes
      4. Setting up provisioning groups for Enterprise Vault Search
        1.  
          Changing the order in which Enterprise Vault processes the search provisioning groups
      5.  
        Creating and configuring Client Access Provisioning tasks for Enterprise Vault Search
      6. Configuring user browsers for Enterprise Vault Search
        1.  
          Configuring the Block Untrusted Fonts feature in Windows 10
      7.  
        Configuring Enterprise Vault Search for use in Forefront TMG and similar environments
      8. Setting up Enterprise Vault Search Mobile edition
        1.  
          Carrying out preinstallation tasks for Enterprise Vault Search Mobile edition
        2.  
          Installing Enterprise Vault Search Mobile edition
        3.  
          Configuring the maximum number of permitted login attempts to Enterprise Vault Search Mobile edition
        4.  
          Verifying the installation of Enterprise Vault Search Mobile edition
    7. Managing metadata stores
      1.  
        About metadata stores
      2.  
        About metadata store PowerShell cmdlets
      3.  
        About fast browsing and metadata store indexes
  6. Section V. Clustering Enterprise Vault with VCS
    1. Introducing clustering with VCS
      1.  
        Supported VCS configurations and software
      2.  
        About Enterprise Vault and the VCS GenericService agent
      3.  
        Typical Enterprise Vault configuration in a VCS cluster
      4.  
        Order in which to install and configure the components in a VCS environment
    2. Installing and configuring Storage Foundation HA for Windows
      1.  
        Installing and configuring Storage Foundation HA for Windows with Enterprise Vault
      2.  
        Managing disk groups and volumes in a Storage Foundation HA environment
    3. Configuring the VCS service group for Enterprise Vault
      1.  
        About configuring the VCS service group for Enterprise Vault
      2.  
        Before you configure the VCS service group for Enterprise Vault
      3.  
        Creating a VCS service group for Enterprise Vault
      4.  
        Modifying an existing VCS service group
      5.  
        Deleting a VCS service group
    4. Running the Enterprise Vault Configuration wizard
      1.  
        Before you run the Enterprise Vault Configuration wizard
      2. Setting up Enterprise Vault in an active/passive VCS configuration
        1. Adding VCS cluster support in a first-time Enterprise Vault installation
          1.  
            Troubleshooting configuration of the Monitoring database
        2. Upgrading an existing Enterprise Vault installation to a VCS cluster
          1.  
            Moving Enterprise Vault data to highly-available locations
        3.  
          Adding SMTP Archiving to an existing clustered Enterprise Vault server
      3. About setting up Enterprise Vault in a VCS N+1 configuration
        1.  
          Configuring two Enterprise Vault server nodes and a spare node in a VCS N+1 cluster
        2.  
          Configuring two Enterprise Vault servers to run on any of the three nodes in a VCS cluster
        3.  
          Disallowing two Enterprise Vault servers on the same node in a VCS cluster
    5. Implementing an SFW HA-VVR disaster recovery solution with Enterprise Vault
      1.  
        About installing and configuring SFW HA-VVR with Enterprise Vault
      2.  
        Overview of the steps for installing and configuring SFW HA-VVR
      3.  
        Setting up the VCS cluster on the primary site
      4.  
        Setting up the VCS cluster on the secondary site
      5.  
        Adding the VVR components for replication
      6.  
        Adding the GCO components for wide-area recovery
    6. Troubleshooting clustering with VCS
      1.  
        VCS logging
      2.  
        Enterprise Vault Cluster Setup wizard error messages
      3.  
        Viewing the clustered message queues for an Enterprise Vault virtual server
  7. Section VI. Clustering Enterprise Vault with Windows Server Failover Clustering
    1. Introducing clustering with Windows Server Failover Clustering
      1.  
        About clustering Enterprise Vault with Windows Server Failover Clustering
      2.  
        Supported Windows Server Failover Clustering configurations
      3.  
        Required software and restrictions on clustering Enterprise Vault with Windows Server Failover Clustering
      4.  
        Typical Enterprise Vault configuration in a Windows Server failover cluster
      5. Control of Enterprise Vault services in a Windows Server failover cluster
        1.  
          About cluster services and Enterprise Vault service resources in a Windows Server failover cluster
        2.  
          What happens at failover in a Windows Server failover cluster
    2. Preparing to cluster with Windows Server Failover Clustering
      1.  
        Preparing to cluster Enterprise Vault with Windows Server Failover Clustering
      2.  
        Setting up the shared disks and volumes for a Windows Server failover cluster
      3.  
        Setting up the Enterprise Vault cluster services for a Windows Server failover cluster
    3. Configuring Enterprise Vault in a Windows Server failover cluster
      1.  
        About configuring Enterprise Vault in a Windows Server failover cluster
      2. Setting up a new Enterprise Vault installation with Windows Server Failover Clustering support
        1.  
          Configuring a new Enterprise Vault server with Windows Server Failover Clustering support
        2.  
          Configuring a failover node in a Windows Server failover cluster
        3.  
          Troubleshooting configuration of the Enterprise Vault Monitoring database
        4. Examples of Enterprise Vault installations in various Windows Server Failover Clustering modes
          1.  
            Clustering Enterprise Vault in an active/passive failover configuration
          2.  
            Clustering Enterprise Vault in a 2+1 configuration without "any-to-any" support
          3.  
            Clustering Enterprise Vault in a 2+1 "any-to-any" configuration
      3. Converting an existing Enterprise Vault installation to a Windows Server failover cluster
        1. Converting an existing Enterprise Vault server to a server with Windows Server Failover Clustering support
          1.  
            Moving Enterprise Vault data to highly available locations
      4. Modifying an existing Enterprise Vault cluster
        1.  
          Adding a node to an existing Windows Server failover cluster
        2.  
          Adding shared storage to an existing Windows Server failover cluster for an Enterprise Vault cluster server
        3.  
          Adding Enterprise Vault SMTP Archiving to an existing clustered Enterprise Vault server
    4. Troubleshooting clustering with Windows Server Failover Clustering
      1.  
        About this chapter
      2.  
        Enterprise Vault event messages and the failover cluster log
      3.  
        Resource ownership and dependencies when configuring Enterprise Vault in a failover clustered environment
      4.  
        Registry replication on failover clustered nodes
      5.  
        Viewing the clustered message queues for an Enterprise Vault cluster server
      6.  
        Starting and stopping Enterprise Vault services in a Windows Server Failover Clustering environment
      7.  
        Potential failover issue in a Windows Server cluster
  8. Appendix A. Automatically preparing an Enterprise Vault server
    1.  
      About automatically preparing an Enterprise Vault server
    2.  
      Windows features enabled by the Prepare My System option
    3.  
      Running the Prepare My System option

Configuring Single Sign-On

Starting with release 14.1, Enterprise Vault supports enterprise Single Sign-On (SSO) authentication for Enterprise Vault Search site using Security Assertion Markup Language (SAML) 2.0 compliant Identity Providers (IdPs).

Perform the following steps to set up the SAML-based authentication:

  • Step 1: Register a new application in Identity Provider with the details about Enterprise Vault Server.

    Enterprise Vault works with several Identify Providers, such as okta, Microsoft Azure, AWS, and so on. These steps use the okta IdP; the steps to register a new application in Identity Provider vary based on the IdP you use.

  • Step 2: Configure the required properties in Enterprise Vault Administration Console.

  • Step 3: Run UpdateEVWeb.exe using Enterprise Vault Management shell.

Step 1: Register a new application in Identity Provider with the details about Enterprise Vault Server

  1. Sign in to the Identity Provider administrator portal.
  2. Register New Application. During the application registration, if asked, provide the following details:

    • Name of the App: Enterprise Vault Search

    • Platform: Web based

    • Sign On Method: SAML 2.0

    • Single sign on URL OR ACS URL: https://<your-EVserver-server-name-here >/EnterpriseVault/Search/SamlAcs.aspx

      Note:

      The URL specifies the location where the SAML assertion is sent by the IdP with a HTTP POST. This is often referred to as the SAML Assertion Consumer Service (ACS) URL of the application.

      Note:

      If you have deployed Enterprise Vault in a cluster environment:

      Single sign on URL OR ACS URL:

      https://<Enterprise Vault Server IP OR Host name>/EnterpriseVault/Search/SamlAcs.aspx

      Here, provide the virtual IP or Role IP host name.

      For example, https://<Virtual IP/host name>/EnterpriseVault/Search/SamlAcs.aspx

    • Audience URI (SP Entity ID) or Issuer: https://<your-EV-server-namehere>/

      Note:

      It specifies the application-defined unique identifier that is the intended audience of the SAML assertion. This is most often the SP Entity ID of the application.

      Note:

      If you have deployed Enterprise Vault in a cluster environment:

      Audience URI (SP Entity ID) or Issuer:

      https://<EV Server IP OR Host name>/EnterpriseVault/Search

      For example, https://<Virtual IP or Role IP host name>/EnterpriseVault/Search/

    • Ensure that the Attribute Statement of assertion is configured to return the User Principal Name (UPN) value of the user (for example, user@WindowsADdomain.com), with attribute name UPN. Enterprise Vault uses this value to map with the Windows Active Directory user for authorization.

      Note:

      Ensure that the Response configuration is such that the SAML Response and the Assertion in the response must be signed using Signature Algorithm RSA-SHA256.

      Enterprise Vault currently does not support automatic configuration for SAML using MetaData URL. All the configuration details need to be configured manually.

  3. Once the application is registered, go to the Sign On tab of the registered application, and then click View Setup Instructions. Note down the following values of the registered application:

    • Identity Provider Single Sign-On URL value: The location where the SAML request will be sent to the IdP with a HTTP POST. You need this value to set the SSO Service Location setting in Enterprise Vault Administration Console.

    • Identity Provider Issuer value: The unique identifier of the registered application in IdP, that is the intended source who sends the SAML assertion. This is most often the IdP Entity ID of the application. You need this value to set the Issuer URL in Enterprise Vault Administration Console.

    • Download the certificate of your registered application, and save the certificate (.cert or .cer) file somewhere on your Enterprise Vault server. If multiple formats of the certificate are presented for download by the IdP, then choose the Base64 Certificate format for download. You need this certificate file while configuring SSO on Enterprise Vault Administration Console.

  4. Assign permissions to all the required users who should be allowed to access Enterprise Vault Search.

Step 2: Configure the required properties in Enterprise Vault Administration Console

  1. In the Administration Console, go to Site > Properties > Single Sign-On page.
  2. Configure Single Sign-On for Enterprise Vault Search.

    For more information on how to configure Single Sign-On, see Site Properties: Single Sign-On in the Administration Console help.

Note:

If you have enabled the Enterprise Vault Single Sign-On feature in an earlier release, you must run UpdateWeb.exe /EnableSAML to re-enable the feature after an upgrade.

Step 3: Run UpdateEVWeb.exe using Enterprise Vault Management shell

  1. Open the Enterprise Vault Management Shell.
  2. Run UpdateEVWeb.exe /Option.

    Option can be one of the following:

    • EnableSAML: Enable SAML authentication and use the SAML configuration specified in the Enterprise Vault Administration Console.

    • DisableSAML: Disable SAML authentication and revert to Windows Integrated authentication.

      For example, RunUpdateEVWeb.exe /EnableSAML

Note:

For Cluster Enterprise Vault environment, after the UpdateEVWeb.exe is run, manually update the Enterprise Vault server entry to VirtualIP or Role IP hostnameinWeb.config.

<add key="SAML.SP.ACSURL" value="https://YOUR-EV-SERVER.Domain.com(cluster hostname or IP)/EnterpriseVault/Search/SamlAcs.aspx" />

<add key="SAML.SP.ACSURL" value="https://YOUR-EV-SERVER.Domain.com(cluster hostname or IP)/EnterpriseVault/Search" />