Skip to main content
BlueXP setup and administration

Manage federations in BlueXP

Contributors netapp-tonias
PDFs

You can manage your federation in BlueXP. You can disable it, update expired credentials, as well as disable it if you no longer need it.

Note If you previously configured federation using NetApp Cloud Central (an external application to BlueXP), you'll need to import your federation using the BlueXP Federation page to be able to manage it within BlueXP. Learn how to import your federation

You can also add a verified domain to an existing federation, which allows you to use multiple domains for your federated connection.

Note Federation management events such as enabling, disabling, and updating federations display in the Timeline. Learn more about monitoring operations in BlueXP.
Required roles

Organization admin or Federation admin is required to make create and manage federations. Federation viewer can view the Federation page. Learn more about access roles.

Enable a federation

If you have created a federation but it is not enabled, you can enable it through the Federation tab in BlueXP. Enabling a federation allows users associated with the federation to log in to BlueXP using their corporate credentials. You must have already created the federation and tested it successfully before enabling it.

Steps

  1. In the upper right of the BlueXP console, select The settings icon which displays in the top right of the BlueXP web console. > Identity & Access Management.

  2. Select the Federation tab.

  3. Select the actions menu an icon with three horizontal dots next to the federation that you want to enable and select Enable.

Add a verified domain to an existing federation

You can add a verified domain to an existing federation in BlueXP to use multiple domains with the same identity provider (IdP).

You must have already verified the domain in BlueXP before you can add it to a federation. If you haven't verified the domain yet, you can do so by following the steps in Verify your domain in BlueXP.

Steps

  1. In the upper right of the BlueXP console, select The settings icon which displays in the top right of the BlueXP web console. > Identity & Access Management.

  2. Select the Federation tab.

  3. Select the actions menu an icon with three vertical dots next to the federation that you want to add a verified domain to and select Update domains. The Update domains dialog box lists the domain already associated with this federation.

  4. Select a verified domain from the list of available domains.

  5. Select Update. It make take up to 30 seconds for users of the new domain to have federated access to BlueXP.

Updating an expiring federated connection

You can update the details of a federation in BlueXP. For example, you'll need to update the federation if the credentials such as a certificate or client secret expire. When needed, update the notification date to remind you to update the connection before it expires.

Important Update BlueXP first before updating your IdP to avoid login issues. Stay logged in to BlueXP during the process.
Steps

  1. In the upper right of the BlueXP console, select The settings icon which displays in the top right of the BlueXP web console. > Identity & Access Management.

  2. Select the Federation tab.

  3. Select the actions menu (three vertical dots) next to the federation that you want to update and select Update federation.

  4. Update the details of the federation as needed.

  5. Select Update.

Test an existing federation

If you are having trouble with an existing federation, you can test the connection to see if it is working properly. This can help you identify any issues with the federation and troubleshoot them.

Steps

  1. In the upper right of the BlueXP console, select The settings icon which displays in the top right of the BlueXP web console. > Identity & Access Management.

  2. Select the Federation tab.

  3. Select the actions menu an icon with three vertical dots next to the federation that you want to add a verified domain to and select Test connection.

  4. Select Test. You're prompted to log in with your corporate credentials. If the connection is successful, you will be redirected to the BlueXP console. If the connection fails, you will see an error message indicating the issue with the federation.

  5. Select Done to return to the Federation tab.

Disable a federation

If you no longer need a federation, you can disable it. This prevents users associated with the federation from logging in to BlueXP using their corporate credentials. You can re-enable the federation later if needed.

You should disable a federation before deleting it. For example, if you are decommissioning the IdP in favor of another IdP or no longer want to use federation. This allows you to re-enable it later if needed.

Steps

  1. In the upper right of the BlueXP console, select The settings icon which displays in the top right of the BlueXP web console. > Identity & Access Management.

  2. Select the Federation tab.

  3. Select the actions menu an icon with three vertical dots next to the federation that you want to add a verified domain to and select Disable.

Delete a federation

If you no longer need a federation, you can delete it. This removes the federation from BlueXP and prevents any users associated with the federation from logging in to BlueXP using their corporate credentials. For example, if the IdP is being decommissioned or if the federation is no longer needed. After you delete a federation, you cannot recover it. You must create a new federation.

Important You must disable a federation before you can delete it. You cannot undelete a federation after you delete it.
Steps

  1. In the upper right of the BlueXP console, select The settings icon which displays in the top right of the BlueXP web console. > Identity & Access Management.

  2. Select the Federation tab.

  3. Select the actions menu an icon with three vertical dots next to the federation that you want to add a verified domain to and select Delete.