Enable single sign-on by using identity federation with NetApp Console
Single sign-on (federation) simplifies the login process and enhances security by allowing users to log in to the NetApp Console using their corporate credentials. You can enable single sign-on (SSO) with your identity provider (IdP) or with the NetApp Support Site.
Required roles: Organization admin, Federation admin, Federation viewer. Learn more about access roles.
Identity federation with NetApp Support Site
Federating with the NetApp Support Site allows users to log in to the Console, Active IQ Digital Advisor, and other associated apps using the same credentials.
If you federate with the NetApp Support Site, you can't also federate with your corporate identity management provider. Choose which one works best for your organization.
- Download and complete the NetApp Federation Request Form.
- Submit the form to the email address specified in the form.
The NetApp support team reviews and processes your request.
Set up a federated connection with your identity provider
You can set up a federated connection with your identity provider to enable single sign-on (SSO) for the Console. The process involves configuring your identity provider to trust NetApp as a service provider and then creating the connection in the Console.
If you previously configured federation using NetApp Cloud Central (an external application to the Console), you need to import your federation using the Federation page to manage it within the Console. Learn how to import your federation.
Supported identity providers
NetApp supports the following protocols and identity providers for federation:
- Security Assertion Markup Language (SAML) identity providers
- Active Directory Federation Services (AD FS)
- Microsoft Entra ID
- PingFederate
Federation with NetApp Console workflow
NetApp supports service provider-initiated (SP-initiated) SSO only. You need to first configure the identity provider to trust NetApp as a service provider. Then, you can create a connection in the Console that uses the identity provider's configuration.
You can federate with your email domain or with a different domain that you own. To federate with a domain different from your email domain, first verify you own the domain.

To federate with a domain different from your email domain, verify that you own it. You can federate your email domain without any extra steps.

Configure your identity provider to trust NetApp by creating a new application and providing details like the ACS URL, Entity ID or other credential information. Service provider information varies by identity provider, so refer to the documentation for your specific identity provider for details. You'll need to work with your IdP administrator to complete this step.

Provide the SAML metadata URL or file from your identity provider to create the connection. This information is used to establish the trust relationship between the Console and your identity provider. The information you provide depends on the IdP that you are using. For example, if you're using Microsoft Entra ID, you need to provide the client ID, secret, and domain.

Test your federated connection before enabling it. Use the test option on the Federation page in the Console to verify that your test user can authenticate successfully. If the test is successful, you can enable the connection.

After you enable the connection, users can log in to the Console using their corporate credentials.
Review the topic for your respective protocol or IdP to get started: