Additional information for multi-factor authentication
-
PDF of this doc site
- Manage storage with Element software
Collection of separate PDF docs
Creating your file...
You should be aware of the following caveats in relation to multi-factor authentication.
-
In order to refresh IdP certificates that are no longer valid, you will need to use a non-IdP admin user to call the following API method:
UpdateIdpConfiguration
-
MFA is incompatible with certificates that are less than 2048 bits in length. By default, a 2048-bit SSL certificate is created on the cluster. You should avoid setting a smaller sized certificate when calling the API method:
SetSSLCertificate
If the cluster is using a certificate that is less than 2048 bits pre-upgrade, the cluster certificate must be updated with a 2048-bit or greater certificate after upgrade to Element 12.0 or later. -
IdP admin users cannot be used to make API calls directly (for example, via SDKs or Postman) or used for other integrations (for example, OpenStack Cinder or vCenter Plug-in). Add either LDAP cluster admin users or local cluster admin users if you need to create users that have these abilities.