1. Log into the Mozy account and enter the Authentication Policy settings
2. Select the Attribute Mapping tab
3. Set the Username field to the same directory field that is mapped to the SecureAuth IdP Property being used in the User ID Mapping section (Email 2)
4. Set the Name field to the directory field that contains the user's name
5. Select the SAML Authentication tab
6. Set the Authentication URL to the SecureAuth IdP FQDN, followed by the realm number of the Mozy integration realm configured in the SecureAuth IdP Web Admin, e.g. idp.company.com/secureauth2
   The SecureAuth IdP FQDN value must match the WSFed/SAML Issuer value in the Web Admin (step 9)
7. Set the SAML Endpoint to the SecureAuth IdP FQDN, e.g. idp.company.com
   This value must match the WSFed/SAML Issuer value in the Web Admin (step 9)
8. Copy and paste the content from either the Metadata File (step 16) or the Assertion Signing Certificate (step 15) into the SAML Certificate field
   If using Metadata File: copy and paste the content between the <X509Certificate> tags
   If using Assertion Signing Certificate: copy and paste the content between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- markers
   Do not include metadata XML tags or certificate markers in the SAML Certificate field
Troubleshooting / Common Issues
1. If the URL displays Unknown User, the cause is most likely a mismatch between the Mozy Username attribute and the attribute being sent in User ID Mapping. Ensure that they are both using the same directory field.
   In some cases, Unknown User may be the result of the email not being populated in Active Directory or LDAP. Ensure that the attribute being used for User ID Mapping is populated in the appropriate directory service.
   Also ensure that the user is properly provisioned within the MozyEnterprise console.
2. If the URL displays Invalid SAML, the most common causes are clock-related or token-signing related. Ensure that the clock on the machine attempting authentication is accurate and set to the proper time zone. Also ensure that the token-signing certificate (labeled as SAML Certificate) has been properly pasted into the MozyEnterprise console, complete with trailing =, and without any XML or certificate delimiters (such as <X509Certificate> or -----BEGIN CERTIFICATE-----).
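
Added example (not SecureAuth or Mozy code): a pre-paste check for step 8 and for the Invalid SAML case above, which reduces either the Metadata File or the Assertion Signing Certificate to the bare Base64 value and rejects it if padding was lost or a delimiter remains. The function name and sample values are hypothetical; the sample bytes are constructed placeholders, not a real certificate, and the DER check looks only at the leading SEQUENCE tag.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed placeholder bytes (not a real certificate): a DER SEQUENCE tag
# followed by filler, sized so the Base64 form ends in "==".
SAMPLE_B64 = base64.b64encode(b"\x30\x11constructed-cert!").decode()
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + SAMPLE_B64 +
              "\n-----END CERTIFICATE-----\n")
SAMPLE_METADATA = (
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
    'xmlns:ds="' + DSIG_NS + '"><ds:X509Certificate>\n  ' + SAMPLE_B64[:12] +
    "\n  " + SAMPLE_B64[12:] + "\n</ds:X509Certificate></EntityDescriptor>")


def bare_certificate(text):
    """Return only the Base64 body; raise ValueError if it looks damaged."""
    text = text.strip()
    pem = PEM_RE.search(text)
    if pem:                                   # Assertion Signing Certificate
        body = pem.group(1)
    elif text.startswith("<"):                # Metadata File
        node = ET.fromstring(text).find(".//{%s}X509Certificate" % DSIG_NS)
        if node is None or not node.text:
            raise ValueError("no X509Certificate element in metadata")
        body = node.text
    else:                                     # value already copied by hand
        body = text
    body = "".join(body.split())              # drop line breaks, indentation
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:             # e.g. trailing "=" lost in copy
        raise ValueError("not valid Base64: %s" % exc) from exc
    if not der.startswith(b"\x30"):           # DER certificate = SEQUENCE
        raise ValueError("decoded data is not DER")
    return body


if __name__ == "__main__":
    print(bare_certificate(SAMPLE_PEM))
```
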