Skip to main content
BlueXP setup and administration

Federate BlueXP with Microsoft Entra ID

Contributors netapp-tonias
PDFs

Federate with your Microsoft Entra ID IdP provider to enable single sign-on (SSO) for BlueXP. This allows users to log in using their corporate credentials.

Required roles

Organization admin or Federation admin is required to make create and manage federations. Federation viewer can view the Federation page. Learn more about access roles.

Note You can federate with your corporate IdP or with the NetApp Support Site. NetApp recommends choosing one or the other, but not both.

NetApp supports service provider-initiated (SP-initiated) SSO only. You need to first configure the identity provider to trust NetApp as a service provider. Then, you can create a connection in BlueXP that uses the identity provider's configuration.

You can set up a federated connection with Microsoft Entra ID to enable single sign-on (SSO) for BlueXP. The process involves configuring your Microsoft Entra ID to trust BlueXP as a service provider and then creating the connection in BlueXP.

Before you begin

  • An IdP account with administrative privileges is required. Coordinate with your IdP administrator to complete the steps.

  • Identify the domain you want to use for federation. You can use your email domain or a different domain that you own. If you want to use a domain other than your email domain, you must first verify the domain in BlueXP. You can do this by following the steps in the Verify your domain in BlueXP topic.

Steps

  1. In the upper right of the BlueXP console, select The settings icon which displays in the top right of the BlueXP web console. > Identity & Access Management.

  2. Select the Federation tab.

  3. Select Configure new federation.

Domain details

  1. Enter your domain details:

    1. Choose whether you want to use a verified domain or your email domain. The email domain is the domain associated with the account you are logged in with.

    2. Enter the name of the federation you are configuring.

    3. If you choose a verified domain, select the domain from the list.

  2. Select Next.

Connection method

  1. For your connection method, choose Provider and then select Microsoft Entra ID.

  2. Select Next.

Configuration instructions

  1. Configure your Microsoft Entra ID to trust NetApp as a service provider. You need to do this step on your Microsoft Entra ID server.

    1. Use the following values when registering your Microsoft Entra ID app to trust BlueXP:

    2. Create a client secret for your Microsoft Entra ID app. You'll need to provide the client ID, the client secret, and the Entra ID domain name to complete the federation.

  2. Return to BlueXP, and select Next to create the connection.

Create connection

  1. Create the connection with Microsoft Entra ID

    1. Enter the client ID and Client secret that you created in the previous step.

    2. Enter the Microsoft Entra ID domain name.

  2. Select Create connection. The system creates the connection in a few seconds.

Test and enable the connection

  1. Select Next.

  2. Select Test connection to test your connection. You are directed to a login page for your IdP server. Log in with your IdP credentials to complete the test and return to BlueXP to enable the connection.

  3. Select Next.

  4. On the Enable federation page, review the federation details and then select Enable federation.

  5. Select Finish to complete the process.

After you enable the federation, users can log in to BlueXP using their corporate credentials.