Configuring SAML SSO and RBAC for Arctera Unified Platform Users using Microsoft Entra ID


Article ID: 100063256


Description

This article explains how to configure SAML-based SSO and RBAC for Arctera Unified Platform users using the Microsoft Entra ID SSO app.

To configure SAML-based SSO and RBAC for Arctera Unified Platform Users using Microsoft Entra ID

  1. Enable Role-Based Claims in Arctera Management Console:
    • Access the Arctera Management console and navigate to Policy Management > Authentication Management.
    • Set Role-Based Claims Allowed to Yes.

  2. Configure Claim Mapping in Microsoft Entra ID:

    • Access Entra ID Admin Center and navigate to the application created for SSO in Entra ID.

    • Add a new claim to the application with the following values, and save the claim.
           Name: approle
           Namespace: http://schemas.xmlsoap.org/ws/2005/05/identity/claims
           Source attribute: user.assignedroles

      The claim appears as shown in the sample image below:

      image.png

  3. Define Application Roles in Entra ID:

    • Navigate to App Registration and open the SSO application.

    • Navigate to App roles and click Create app role.

    • Enter the Display name of the app role.

    • Set Allowed member types to Users/Groups.

    • Set the Value to SystemAdministrator.

    • Check the box 'Do you want to enable this app role?' and click Apply.

      Enter the value that corresponds to the role that needs to be associated with the user. The table below lists the built-in roles and the value to enter for each one in the configuration.

      | PrivilegeGroupName           | Value                       |
      |------------------------------|-----------------------------|
      | Account Manager              | AccountManager              |
      | Archive Collections Manager  | ArchiveCollectionsManager   |
      | Continuity Manager           | ContinuityManager           |
      | eDiscovery Administrator     | eDiscoveryAdministrator     |
      | Policy Manager               | PolicyManager               |
      | Retention Manager            | RetentionManager            |
      | Role Manager                 | RoleManager                 |
      | System Administrator         | SystemAdministrator         |
      | Classification Administrator | ClassificationAdministrator |
  4. Assign Roles to Users or Groups associated with this application:

    • In the Enterprise Applications section, select the SSO application.

    • Click Users and groups. Select the user to which this permission needs to be assigned and click on Edit Assignment.

    • Click on Select a role | None selected.

    • Select the role that has been created for the assignment. In this example, the role of SystemAdmin is being assigned. 

    • Click Select, and then click Assign.


  5. Verify that users can log in to the Arctera Management Console via SSO and receive the appropriate role-based access.

    • The user can log in to the Arctera Management Console using the SSO URL. The assigned role should be automatically applied on the Arctera Management Console side.
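
When verifying step 5, it helps to inspect the assertion Entra ID actually issues and confirm that the approle claim carries a value from the Value column rather than a display name. The following is an added example, not Arctera or Microsoft code; it assumes the claim is emitted under the name formed by joining the namespace and name from step 2 with a slash, and it runs on a constructed sample assertion. The function name is hypothetical.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: namespace + "/" + name from step 2 is the emitted attribute name.
APPROLE_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/approle"

# "Value" column of the built-in roles table in step 3.
BUILT_IN_ROLE_VALUES = {
    "AccountManager", "ArchiveCollectionsManager", "ContinuityManager",
    "eDiscoveryAdministrator", "PolicyManager", "RetentionManager",
    "RoleManager", "SystemAdministrator", "ClassificationAdministrator",
}


def check_approle_claim(assertion_xml):
    """Return (built_in, other) approle values found in a SAML assertion.

    Both lists empty means the approle claim is missing from the assertion.
    This inspects claims only; it does not validate the assertion signature.
    """
    root = ET.fromstring(assertion_xml)
    built_in, other = [], []
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") != APPROLE_CLAIM:
            continue
        for value in attr.iterfind("saml:AttributeValue", SAML_NS):
            role = (value.text or "").strip()
            (built_in if role in BUILT_IN_ROLE_VALUES else other).append(role)
    return built_in, other


# Constructed sample: one correct value and one display name entered by mistake.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/approle">
      <saml:AttributeValue>SystemAdministrator</saml:AttributeValue>
      <saml:AttributeValue>Policy Manager</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    built_in, other = check_approle_claim(SAMPLE_ASSERTION)
    print("built-in role values:", built_in)
    print("not a built-in value (check the app role Value):", other)
```

A value in the second list is not necessarily wrong, since the table covers built-in roles only, but a display name with spaces there usually points to a mistyped app role Value.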


 
