
Manage user accounts and roles on ASA r2 storage systems

Contributors netapp-aherbin

Use System Manager to configure Active Directory domain controller access, LDAP, and SAML authentication for your user accounts. Create user account roles to define specific functions that users assigned to the roles can perform on your cluster.

Configure Active Directory domain controller access

Configure Active Directory (AD) domain controller access to your cluster or storage VM so that you can enable AD account access.

Steps
  1. In System Manager, select Cluster > Settings.

  2. In the Security section, under Active Directory, select Configure.

What's next?

You can now enable AD account access on your ASA r2 system.

Configure LDAP

Configure a Lightweight Directory Access Protocol (LDAP) server to centrally maintain user information for authentication.

Before you begin

You must have generated a certificate signing request and added a CA-signed server digital certificate.

Steps
  1. In System Manager, select Cluster > Settings.

  2. In the Security section, next to LDAP, select the gear icon.

  3. Enter the necessary LDAP server and binding information; then select Save.

What's next?

You can now use LDAP for user information and authentication.

Configure SAML authentication

Security Assertion Markup Language (SAML) authentication allows users to be authenticated by a secure identity provider (IdP) instead of the direct service providers such as Active Directory and LDAP.

Before you begin
  • The IdP that you plan to use for remote authentication must be configured.

    See the IdP documentation for configuration.

  • You must have the URI of the IdP.

Steps
  1. In System Manager, select Cluster > Settings.

  2. Under Security, next to SAML authentication, select the gear icon.

  3. Select Enable SAML authentication.

  4. Enter the IdP URL and the host system IP address; then select Save.

    A confirmation window displays the metadata information, which has been automatically copied to your clipboard.

  5. Go to the IdP system you specified; then copy the metadata from your clipboard to update the system metadata.

  6. Return to the confirmation window in System Manager; then select I have configured the IdP with the host URI or metadata.

  7. Select Logout to enable SAML-based authentication.

    The IdP system will display an authentication screen.

What's next?

You can now use SAML authentication for your user accounts.
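
Before pasting the metadata from step 4 into the IdP in step 5, it is worth checking that it describes the endpoint you intended. The following check is an added example, not NetApp code: it assumes the copied text is standard SAML 2.0 service provider metadata, and the function name, sample address, entityID and endpoint path are hypothetical placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample metadata: the address, entityID, path and certificate are placeholders.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://192.0.2.10/sp-placeholder">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>PLACEHOLDER</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://192.0.2.10/acs-placeholder"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

def check_sp_metadata(xml_text, expected_host):
    """Return a list of findings; an empty list means no problem was found."""
    # Refuse DTDs and entity declarations before parsing (entity-expansion hardening).
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declaration present; refusing to parse"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != MD + "EntityDescriptor":
        return ["root element is not a SAML EntityDescriptor"]
    findings = [] if root.get("entityID") else ["entityID is missing"]
    sp = root.find(MD + "SPSSODescriptor")
    if sp is None:
        return findings + ["no SPSSODescriptor: not service provider metadata"]
    endpoints = sp.findall(MD + "AssertionConsumerService")
    if not endpoints:
        findings.append("no AssertionConsumerService endpoint")
    for acs in endpoints:
        location = acs.get("Location", "")
        url = urlparse(location)
        if url.scheme != "https":  # assertions must not travel over plain HTTP
            findings.append(f"ACS endpoint is not HTTPS: {location}")
        if url.hostname != expected_host:  # must be the host entered in step 4
            findings.append(f"ACS host {url.hostname!r} != expected {expected_host!r}")
    if sp.find(".//" + DS + "X509Certificate") is None:
        findings.append("no X509Certificate published in the metadata")
    return findings

if __name__ == "__main__":
    print(check_sp_metadata(SAMPLE, "192.0.2.10") or "no findings")
```

Pass the host system IP address you entered in step 4 as `expected_host`; any finding is a reason to recheck the configuration before registering the metadata with the IdP.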

Create user account roles

Roles for cluster administrators and storage VM administrators are automatically created when your cluster is initialized. Create additional user account roles to define specific functions that users assigned to the roles can perform on your cluster.

Steps
  1. In System Manager, select Cluster > Settings.

  2. In the Security section, next to Users and roles, select the right-arrow icon.

  3. Under Roles, select the + Add button.

  4. Select the role attributes.

    To add multiple attributes, select + Add.

  5. Select Save.

Result

A new user account is created and available for use on your ASA r2 system.

Create an administrator account

Create an administrator user account to enable the account user to perform specific actions on your cluster based on the role assigned to the account. To enhance account security, set up multi-factor authentication (MFA) when you create the account.

Steps
  1. In System Manager, select Cluster > Settings.

  2. In the Security section, next to Users and roles, select the right-arrow icon.

  3. Under Users, select the + Add button.

  4. Enter a username; then select a role to assign to the user.

  5. Select the user login method and the authentication method.

  6. To enable MFA, select + Add; then select a secondary login method and authentication method.

  7. Enter a password for the user.

  8. Select Save.

Result

A new administrator account is created and available for use on your ASA r2 cluster.