Skip to main content
NetApp Console setup and administration

Enable single sign-on by using identity federation with NetApp Console

Contributors netapp-tonias
PDFs

Single-sign on (federation) simplifies the login process and enhances security by allowing users to log in to the NetApp Console using their corporate credentials. You can enable single sign-on (SSO) with your identity provider (IdP) or with the NetApp Support site.

Required role

Organization admin, Federation admin, Federation viewer. Learn more about access roles.

Identity federation with NetApp Support Site

Federating with the NetApp Support Site allows users to log in to the Console, Active IQ Digital Advisor, and other associated apps using the same credentials.

Note If you federate with the NetApp Support Site, you can't also federate with your corporate identity management provider. Choose which one works best for your organization.
Steps

  1. Download and complete the NetApp Federation Request Form.

  2. Submit the form to the email address specified in the form.

    The NetApp support team reviews and processes your request.

Set up a federated connection with your identity provider

You can set up a federated connection with your identity provider to enable single sign-on (SSO) for the Console. The process involves configuring your identity provider to trust NetApp as a service provider and then creating the connection in the Console.

Note If you previously configured federation using NetApp Cloud Central (an external application to the Console), you need to import your federation using the Federation page to manage it within the Console. Learn how to import your federation.

Supported identity providers

NetApp supports the following protocols and identity providers for federation:

Protocols

  • Security Assertion Markup Language (SAML) identity providers

  • Active Directory Federation Services (AD FS)

Identity providers

  • Microsoft Entra ID

  • PingFederate

Federation with NetApp Console workflow

NetApp supports service provider-initiated (SP-initiated) SSO only. You need to first configure the identity provider to trust NetApp as a service provider. Then, you can create a connection in the Console that uses the identity provider's configuration.

You can federate with your email domain or with a different domain that you own. To federate with a domain different from your email domain, first verify you own the domain.

One Verify your domain (if not using your email domain)

To federate with a domain different from your email domain, verify that you own it. You can federate your email domain without any extra steps.

Two Configure your IdP to trust NetApp as a service provider

Configure your identity provider to trust NetApp by creating a new application and providing details like the ACS URL, Entity ID or other credential information. Service provider information varies by identity provider, so refer to the documentation for your specific identity provider for details. You'll need to work with your IdP administrator to complete this step.

Three Create the federated connection in the Console

Provide the SAML metadata URL or file from your identity provider to create the connection. This information is used to establish the trust relationship between the Console and your identity provider. The information you provide depends on the IdP that you are using. For example, if you're using Microsoft Entra ID, you need to provide the client ID, secret, and domain.

Three Test your federation in the Console

Test your federated connection before enabling it. Use the test option on the Federation page in the Console to verify that your test user can authenticate successfully. If the test is successful, you can enable the connection.

Three Enable your connection in the Console

After you enable the connection, users can log in to the Console using their corporate credentials.

Review the topic for your respective protocol or IdP to get started: