Prepare AFX storage system authentication services

Contributors dmp-netapp

You need to prepare the authentication and authorization services used by the AFX system to support the user account and role definitions.

Configure LDAP

You can configure a Lightweight Directory Access Protocol (LDAP) server to maintain authentication information at a central location.

Before you begin

You must have generated a certificate signing request and added a CA-signed server digital certificate.

Steps
  1. In System Manager, select Cluster and then Settings.

  2. Select the settings (gear) icon next to LDAP.

  3. Select the Add icon and provide the name or IP address of the LDAP server.

  4. Provide the necessary configuration information, including the schema, base DN, port, and binding.

  5. Select Save.

Configure SAML authentication

Security Assertion Markup Language (SAML) authentication enables users to be authenticated by a secure identity provider (IdP) instead of providers using other protocols such as LDAP.

Before you begin
  • The identity provider you plan to use for remote authentication must be configured. See the provider documentation for configuration details.

  • You must have the URI of the identity provider.

Steps
  1. In System Manager, select Cluster and then Settings.

  2. Select the settings (gear) icon under Security next to SAML authentication.

  3. Select Enable SAML authentication.

  4. Provide the IdP URL and the Host system IP address and select Save.

    A confirmation window displays the metadata information, which has been automatically copied to your clipboard.

  5. Navigate to the IdP system you specified and copy the metadata from your clipboard to update the system metadata.

  6. Return to the confirmation window in System Manager and select I have configured the IdP with the host URI or metadata.

  7. Select Logout to enable SAML-based authentication.

    The IdP system will display an authentication screen.