SAML & local AD authentication in a DMS

Solved · 1.24K views · 24th March 2023 · SAML
8
Leander Druwel [SLC] [DevOps Member] 2.02K · 1st February 2023 · 0 Comments

Hi,

We’re looking to set up both SAML and local AD authentication on the same DMS. The SAML authentication would be used for any external customers, while the local AD contains the internal people.

In order to avoid both authentication methods on the same DMA and causing confusion, we’re looking to use a specific DMA to be the point of contact for external people, and only connect that DMA with SAML authentication. Other DMAs in the DMS would not be configured with SAML authentication.

However, as the DMAs are in the same DMS, do we risk any conflicts if a SAML user with the same username would be added as would already exist on the local AD? What specific conditions should we watch out for?

Thx

Leander Druwel [SLC] [DevOps Member] Selected answer as best 24th March 2023

1 Answer

2
Simon Declerck [SLC] [DevOps Advocate] 829 · Posted 2nd February 2023 · 2 Comments

Hi Leander,

It is possible to configure different authentication methods on different DMAs in the DMS. The entire DMS can be set up with regular AD authentication and one specific DMA which is accessible to external users can then be configured with SAML with automatic user creation. This will then create & sync the users which log in through SAML as local users on the DMS.

There is indeed a risk of conflict, as you’ve mentioned. The usernames of the AD users and the SAML-created users should not overlap, to avoid syncing issues on the system.

When using SAML with automatic user creation, DataMiner relies on the username provided by the Identity Provider to which we redirect the SAML login. So overlap could potentially be avoided through its configuration.

With Kind Regards,

Leander Druwel [SLC] [DevOps Member] commented 3rd February 2023

Thanks for the reply, Simon. Just to make sure I have this right, if I would have a leander.druwel@skyline.be on Azure AD and a domainnameleander account, these would be seen as different? Or is the username still a different field that can be configured?

Additionally, on the synchronization within the DMS, I assume all users will still be synchronized throughout the full DMS, however you simply won’t be able to log in if the identity cannot be verified. For the DMA that would be connected to SAML, that server can still be in the domain? (Or would that cause issues as it could still verify the identity for both Azure and local AD)

Simon Declerck [SLC] [DevOps Advocate] commented 7th February 2023

These would be seen as different usernames.
Something to be cautious of, however, is multiple users on Azure AD which share the same first name & last name, as there is a known issue in which they cannot be properly imported on the DMA.
All users will indeed be synchronized throughout the DMS as part of the security.xml, as each DMA needs to check authorization rights by itself.
However, the Azure AD SAML users cannot be used to log in on any DMA which does not have the SAML authentication.
The server which is configured to utilize SAML can be a part of the domain. The Azure AD or the automatic user creation should be configured in the DataMiner.xml however, as documented in the initial response.
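
Added example, not part of the original thread and not DataMiner code: a pre-flight audit over exported user lists for the two conditions raised in the answer and comments above, namely usernames that overlap between local AD and the SAML identity provider, and identity-provider users who share a first and last name. The sample accounts, the `first`/`last` field names and the case-insensitive comparison are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the thread). AD_USERS stands for the local AD
# accounts already known to the DMS; SAML_USERS stands for an export of the users
# the identity provider would present. Field names are hypothetical.
AD_USERS = ["CORP\\leander", "CORP\\jdoe", "CORP\\asmith"]
SAML_USERS = [
    {"username": "leander.druwel@example.com", "first": "Leander", "last": "Druwel"},
    # An IdP claim configured to emit the on-prem account name would look like this:
    {"username": "corp\\JDoe", "first": "John", "last": "Doe"},
    {"username": "john.doe@example.com", "first": "John", "last": "Doe"},
    {"username": "a.smith@example.com", "first": "Anna", "last": "Smith"},
]


def norm(value):
    # Assumption: compare case-insensitively, the conservative choice for an audit.
    return value.strip().casefold()


def username_overlap(ad_users, saml_users):
    """Return (ad_name, saml_name) pairs whose usernames are the same string."""
    ad_index = {norm(u): u for u in ad_users}
    hits = []
    for user in saml_users:
        key = norm(user["username"])
        if key in ad_index:
            hits.append((ad_index[key], user["username"]))
    return sorted(hits)


def duplicate_full_names(saml_users):
    """Group IdP users sharing first and last name (the import issue noted above)."""
    groups = defaultdict(list)
    for user in saml_users:
        groups[(norm(user["first"]), norm(user["last"]))].append(user["username"])
    return {name: sorted(names) for name, names in groups.items() if len(names) > 1}


def audit(ad_users, saml_users):
    return {
        "overlap": username_overlap(ad_users, saml_users),
        "duplicate_names": duplicate_full_names(saml_users),
    }


if __name__ == "__main__":
    for check, findings in audit(AD_USERS, SAML_USERS).items():
        print(check, findings)
```

A UPN-style name and a `DOMAIN\user` name never match here, consistent with the comment that they are seen as different usernames; only an identity-provider claim that emits the same string as the AD account is flagged.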
