Commvault - Metallic - SAML integration

This documentation describes the process of integrating TrustBuilder MFA as the Identity Provider (IdP) for Commvault's Metallic solution using the SAML 2.0 protocol. This integration enables strong authentication via MFA for accessing Metallic services.

Prerequisites

Before starting, ensure you have the following:

• An administrator account in TrustBuilder MFA with access to the admin console

• An administrator account in Metallic with SAML configuration rights

• The Metallic login URL

Step 1: Configuring TrustBuilder

Create a SAML connector

1. Login to TrustBuilder administration console.

2. Go to the Secure Sites tab.

3. In the "connectors” section, click on Add a connector of type… and select SAML 2.0.

   

4. Name your connector (Metallic SAML).

5. Click on Add to create the connector.
   The SAML connector on TrustBuilder side has been created.

6. Configure SAML attribute mapping:

   • mail: User mail

   • displayName: Blank space-separated user first and last names

     

7. Click on Update to save the configuration.

8. Download the TrustBuilder metadata in XML format. You will need it later in Metallic configuration.

   

Create a secure site

9. Go to the Secure Sites tab.

10. Click on “Add a Secure Site of type” and select the SAML connector name you configured related to your SAML connector.

11. In the opening window, set the Secure Site name of your choice and the Called URL to point to your Metallic.

    • The Called URL setting is only used to set a bookmark for the user on My account portal, it has no impact on the security.

12. Click on Add to save the configuration.

The secure site related to your SAML connector for Metallic, has been successfully created.

Leave the TrustBuilder MFA Admin console open. We will come back to it later.

Step 2: Configuring Metallic

1. Log in to Metallic as an administrator.

2. Navigate to Settings > Security > Identity Provider.

   

3. Select SAML Authentication and click Add Identity Provider.

   

4. Give a name to the application: TrustBuilder.

   

5. Upload the TrustBuilder IdP metadata XML file previously downloaded from TrustBuilder Admin console.

   

6. If not automatically filled, enter the Metallic URL: https://<metallic_url>:443/Identity

   

7. Configure attribute mapping and enable signed assertion validation.

   

   

   

8. Download the metadata Service Provider metadata file from Metallic.

Leave the Metallic configuration open. We will come back to it later.

Step 3: Providing Metallic SP metadata to TrustBuilder

1. Go back to the TrustBuilder MFA Admin console.

2. Edit the SAML connector you created.

3. Copy the content of Metallic metadata file and paste it into the TrustBuilder SAML connector.

   

4. Click on Update to save.

Step 4: Finalizing the setup

1. Go back to your SAML Metallic configuration.

2. Click Test Login and attempt authentication.
   ⚠️ This test is required to activate the configuration.

3. Click Finish.

   

4. Navigate to Settings > Security > Identity Provider.

5. TrustBuilder should appear as an IdP.

   

6. Click on the TrustBuilder IdP and make sure it is enabled.

   

Step 5: Testing

1. Open a different browser and go to the Metallic login URL.

2. Enter your username and click Continue.

   

   • You will be redirected to TrustBuilder. After entering your PIN, the user is authenticated successfully.