Additional information for multi-factor authentication
PDF of this doc site
- Install and maintain hardware
Manage storage with Element software
Manage your system
- Configure cluster settings
- Manage volumes and virtual volumes
Protect your data
- Use volume snapshots for data protection
- Perform remote replication between clusters running NetApp Element software
- Use SnapMirror replication between Element and ONTAP clusters
- Manage your system
- Manage and monitor storage with NetApp Hybrid Cloud Control
- Manage storage with Element API
- Work with the management node
You should be aware of the following caveats in relation to multi-factor authentication.
In order to refresh IdP certificates that are no longer valid, you will need to use a non-IdP admin user to call the following API method:
MFA is incompatible with certificates that are less than 2048 bits in length. By default, a 2048-bit SSL certificate is created on the cluster. You should avoid setting a smaller sized certificate when calling the API method:
If the cluster is using a certificate that is less than 2048 bits pre-upgrade, the cluster certificate must be updated with a 2048-bit or greater certificate after upgrade to Element 12.0 or later.
IdP admin users cannot be used to make API calls directly (for example, via SDKs or Postman) or used for other integrations (for example, OpenStack Cinder or vCenter Plug-in). Add either LDAP cluster admin users or local cluster admin users if you need to create users that have these abilities.