Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. IT Analytics Help
  3. Section XVI. System Administration
  4. LDAP and SSO authentication for Portal access
  5. Configure single sign-on (SSO)
  6. Setting up the external Identity Provider (IDP) server
  7. Users and groups in the external LDAP directory

Users and groups in the external LDAP directory

When using an external authentication service, there are two areas that require setup for a synchronization between the two systems to occur:

  • User profiles in the external directory must have specific attributes set

  • Group names in the external directory must match User Group names in the IT Analytics Portal for privilege inheritance

Set the following attributes for each user in the external LDAP directory. For each attribute, the properties name and friendlyName must be present and have values populated. These attributes must be exposed by both the external LDAP directory and the IDP server. The names of attributes are as follows:

  • displayName: <first_name> <last_name> For example Jane Smith

  • email: email address

  • mobile: cell phone or mobile number

  • telephoneNumber: work phone or home phone number

  • sAMAccountName: the unique user name that is used as a login

  • memberOf: List of group names to which the user belongs, supporting with or without domain prefixed for Azure IDP. This attribute requires customization for a Microsoft Azure IDP. It is recommended to set Groups Assigned to the application instead of All groups or Security groups for "memberOf" attribute. Click here for more details.

    The memberOf attribute must be in the below supported formats:

    • DOMAIN_NAME\userGroupName

    • CN=userGroupName,CN=Users,DC=aptareadfs,DC=com (for non-AZURE IDPs)

Before an external user can use SSO to log into the Portal, they must belong to one external directory group that also exists as a User Group in the IT Analytics Portal. If the setup criteria is met, when the user logs into the Portal for the first time, their user profile will be synchronized from the external directory. They will also inherit all privileges assigned to the User Group.

Feedback

Was this page helpful?
Previous

Setting up the external Identity Provider (IDP) server

Next

Registering with the IDP server

Feedback

Was this page helpful?