Description
Implementing SAML Single Sign-On (SSO) with Role-Based Access Control (RBAC) ensures secure and seamless authentication for Insight Archiving users via an Identity Provider (IDP) such as Okta and Entra ID. This setup allows users to access Insight Archiving applications without managing multiple credentials while ensuring appropriate access permissions.
SAML SSO is an authentication standard that enables users to log in once and gain access to multiple applications securely. It includes the following components:
- IDPs such as Okta, Entra ID, etc to verify user identity.
- Service Provider (SP) such as Insight Archiving Management Console, Insight eDiscovery, Insight Personal Archive, etc to which SSO access is needed.
- SAML authentication token to establish a trusted connection between IDP and Insight Archiving applications.
Role-Based Access Control (RBAC) ensures that users logging into Insight Archiving via SSO are automatically granted the correct permissions based on their roles. It includes:
- Defining user roles (e.g. AccountManager, RoleManager, etc) in IDP.
- Mapping SAML attributes.
- Assigning access control.
How does it work?
- Insight Archiving user attempts to log in. The request gets redirected to IDP (e.g. Okta, Entra ID).
- IDP authenticates the user. Issues the SAML Assertion with role attributes.
- Insight Archiving application processes assertion. Grants access based on user roles.
- RBAC ensures correct permissions. The user receives access only to the functions their role allows.
Objective:
- Seamless authentication without requiring multiple passwords.
- Automated permission assignment, reducing manual intervention.
- Centralized security control, improving governance and compliance.
To configure SAML SSO and RBAC for Insight Archiving Users via IDPs, refer to the following articles:
- Configuring SAML SSO and RBAC for Insight Archiving Users using Okta
- Configuring SAML SSO and RBAC for Insight Archiving Users using Microsoft Entra ID
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.