How to initiate Single Sign-on (SSO) with SAML


Article ID: 100044366

Description

There are two ways to initiate Single Sign-on (SSO) with Security Assertion Markup Language (SAML). 

1. Service Provider (SP) initiated sign-on

2. Identity Provider (IDP) initiated sign-on

Veritas Alta Archiving is the SP, and the IDP can be any third-party vendor such as Okta, OneLogin, PingOne, etc. Veritas Alta Archiving only supports SP-initiated sign-on, which uses a unique Personal Archive (PA) URL with an appended Customer ID (CID). This CID is created in the Administration Console (Policy Management -> Authentication Management) after SSO is fully configured for Veritas Alta Archiving. It will look like the example below:

https://personal.us.archive.veritas.com?CID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

The SSO process resolves properly only when users go directly to the PA URL, which allows them to log in to their archive. Most IDPs provide a home page on which they can place shortcut buttons for their SSO. This is not supported by Veritas Alta Archiving and must be configured by the third-party vendor.
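The difference between the two flows, as an added generic SAML 2.0 illustration (not Veritas code; the function name, request IDs and sample messages are constructed): in SP-initiated sign-on the SP issues an AuthnRequest and the IDP's Response carries that request's ID in `InResponseTo`, while a Response produced by an IDP home-page shortcut is unsolicited and has no such attribute. Signature and assertion validation are assumed to happen elsewhere.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample messages, reduced to the attributes this check reads.
# A real Response also carries Issuer, Status, a signed Assertion, etc.
SP_INITIATED = (
    f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" Version="2.0" '
    f'InResponseTo="_req-42"/>'
)
IDP_INITIATED = f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r2" Version="2.0"/>'


def classify_response(xml_text, pending_request_ids):
    """Classify a SAML Response by how the sign-on was initiated.

    pending_request_ids is the set of AuthnRequest IDs this SP has issued
    and not yet consumed (hypothetical session store).

    Returns:
      "accept"          - answers a request this SP issued (SP-initiated)
      "unsolicited"     - no InResponseTo, i.e. IDP-initiated
      "unknown-request" - InResponseTo does not match a pending request
                          (stale, replayed or forged)
    """
    # Production code should use a hardened XML parser and verify the
    # signature before trusting any attribute; omitted here for brevity.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a SAML 2.0 Response")

    in_response_to = root.get("InResponseTo")
    if in_response_to is None:
        return "unsolicited"
    if in_response_to not in pending_request_ids:
        return "unknown-request"

    # Each AuthnRequest ID may be answered once only.
    pending_request_ids.discard(in_response_to)
    return "accept"


if __name__ == "__main__":
    pending = {"_req-42"}
    print(classify_response(SP_INITIATED, pending))   # first use
    print(classify_response(SP_INITIATED, pending))   # same Response again
    print(classify_response(IDP_INITIATED, pending))  # IDP portal shortcut
```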

 
