Configuring SAML authentication for web services

Starting with ONTAP 9.3, you can configure multifactor authentication (MFA) for web services by using Security Assertion Markup Language (SAML) authentication. You can use SAML authentication for Service Processor Infrastructure (spi), ONTAP APIs, and OnCommand System Manager.

When you configure SAML authentication, users are authenticated by an external Identity Provider (IdP). The IdP is third-party software, such as the Microsoft Active Directory Federated Services (ADFS) IdP or the open source Shibboleth IdP. The ONTAP cluster acts as the SAML Service Provider (SP) host. Authentication is performed by exchanging metadata between the IdP and SP.