What do I need to know before configuring and enabling SAML?

Before configuring and enabling the Security Assertion Markup Language (SAML) capabilities for authentication, make sure you meet the following requirements and understand SAML restrictions.

Requirements

Before you begin, make sure that:

Restrictions

In addition to the requirements above, make sure you understand the following restrictions:

  • Once SAML is enabled, you cannot disable it through the user interface, nor can you edit the IdP settings. If you need to disable or edit the SAML configuration, contact Technical Support for assistance. We recommend that you test the SSO logins before you enable SAML in the final configuration step. (The system also performs an SSO login test before enabling SAML.)
  • If you disable SAML in the future, the system automatically restores the previous configuration (Local User Roles and/or Directory Services).
  • If Directory Services are currently configured for user authentication, SAML overrides that configuration.
  • When SAML is configured, the following clients cannot access storage array resources:
    • Enterprise Management Window (EMW)
    • Command-line interface (CLI)
    • Software Developer Kits (SDK) clients
    • In-band clients
    • HTTP Basic Authentication REST API clients
    • Login using standard REST API endpoint