Configuring SAML SSO and RBAC for Insight Archiving Users using Okta

This article guides you to configure SAML-based SSO and RBAC for Insight Archiving Users using Okta SSO App.

To configure SAML-based SSO and RBAC for Insight Archiving Users using Okta SSO App

1. Enable Role-Based Claims in Arctera Insight Management Console:
   • Access the Arctera Insight Management console and navigate to Role Management > Authentication Management.
   • Set Role-Based Claims Allowed to Yes.
     

2. Configure Claim Mapping in Okta SSO App.

   • Access Okta Admin Center and navigate to the application created for Insight Archiving SSO.

   • Configure role mapping to send built-in or custom administration role names (without spaces) to the approle string array attribute in the SAML response.
     To achieve this, navigate to Profile Editor → Okta Alta SSO App (Veritas SSO User) and add a string array attribute to the user profile. Refer to the sample screenshots below:
     
     

     
     

3. Define Application Roles in Okta:

   • Map the required role names (defined in Insight Management Console) to the string array attribute created earlier. Do this by providing the values during user assignment to the app or by editing the user profile for the app to include these values.
     
     Roles defined in Manage
     
     
     Providing the values during user assignment to the app
     
     
     
     
     Or, editing the user profile for the app to add these values
     

4. Update Attribute Mapping in the Okta SSO App:

   • Navigate to Applications > SSO App (Veritas SSO).
     

   • Edit the application configuration to map the user profile attribute to the approle SAML response attribute.
     
     
     

5. Verify the configuration: by ensuring the SAML response after SSO login includes the role names in the approle attribute. Confirm that the account role user in Manage receives the corresponding roles sent in the SAML response.

Account Role user



SSO login for the user