Security
You can use these API calls to manage the cluster and SVM security settings.
There is a collection of user accounts for the cluster and SVMs. This resource type was introduced with ONTAP 9.6.
The configuration for a scoped user account. This resource type was introduced with ONTAP 9.6.
You can administer the SVM account information at the Active Directory server. This resource type was introduced with ONTAP 9.7.
ONTAP detects files potentially containing a ransomware threat. There are several categories of endpoints. You can retrieve a list of these suspect files as well as remove them from a volume. This resource type was introduced with ONTAP 9.10.1. Support for displaying the version and updating the anti-ransomware package was added with ONTAP 9.16.
The settings which determine what is logged to the audit log files. This resource type was introduced with ONTAP 9.6.
These settings control how audit log information is forwarded to remote systems or Splunk servers. This resource type was introduced with ONTAP 9.6.
You can retrieve the audit log messages. This resource type was introduced with ONTAP 9.6.
Amazon Web Services includes a key management service that provides secure storage for keys and other secrets. You can access this service through the REST API to allow ONTAP to securely store its encryption keys in the cloud. In addition, you can create and list the authentication keys used with NetApp Storage Encryption. This support is new with ONTAP 9.12.
This set of API calls allows you to use the Azure Key Vault to store the ONTAP encryption keys. This resource type is new with ONTAP 9.8.
These API calls can be used to install, display, and delete certificates used by ONTAP. This resource type was introduced with ONTAP 9.7.
Duo provides two-factor authentication for SSH logins. You can configure Duo to operate at the ONTAP cluster or SVM level. This resource type was introduced with ONTAP 9.14.
You can retrieve details of the cluster-wide security and update certain parameters. This resource type was introduced with ONTAP 9.7 and updated with ONTAP 9.8.
An external role is defined at an OAuth 2.0 identity provider. You can create and administer mapping relationships between these external roles and the ONTAP roles. This resource type was introduced with ONTAP 9.16.
This set of API calls allows you to use the Google Cloud Platform Key Management Service to store and manage the ONTAP encryption keys. This resource type was initially introduced with the ONTAP 9.8 REST API. However, this feature has been redesigned and so is considered to be new, with new resource types, in ONTAP 9.9.
You can administer group configurations including groups represented with UUIDs. This resource type was introduced with ONTAP 9.16.
You can create and administer mapping relationships between groups and roles. This resource type was introduced with ONTAP 9.16.
Internet Protocol Security (IPSec) is a suite of protocols providing security between two endpoints over an underlying IP network. This resource type is new with ONTAP 9.8.
You can add, remove, and retrieve IPSec CA certificates. This resource type is new with ONTAP 9.10.
You can use this set of API calls to manage the policies in effect for an IPSec deployment. This resource type is new with ONTAP 9.8.
You can use this set of API calls to manage the security associations in effect for an IPSec deployment. This resource type is new with ONTAP 9.8.
These endpoints allow you to retrieve and update the configurations for key managers. This resource type is new with ONTAP 9.10.
A key manager allows client modules within ONTAP to securely store keys. This resource type was introduced with ONTAP 9.6 and updated for ONTAP 9.7. There was another update with ONTAP 9.12 to support authentication keys. A restore capability was added with ONTAP 9.13.
A key store describes the type of a key manager. This resource type is new with ONTAP 9.10. Additional endpoints supporting enhanced control were added with ONTAP 9.14.
These API calls are used to retrieve and manage the cluster LDAP server configuration. This resource type was introduced with ONTAP 9.6.
Used to display and manage the login messages used by ONTAP. This resource type was introduced with ONTAP 9.6.
The multiple administrator verification feature provides a flexible authorization framework for protecting access to ONTAP commands or operations. There are seventeen new endpoints that support defining, requesting, and approving access in the following areas:
- Rules
- Requests
- Approval groups
Providing the option for multiple administrators to approve access improves the security of your ONTAP and IT environments. These resource types were introduced with ONTAP 9.11.
These settings are used to retrieve and manage the cluster NIS server configuration. This resource type was introduced with ONTAP 9.6.
Open Authorization (OAuth 2.0) is a token-based framework that can be used to restrict access to your ONTAP storage resources. You can use it with clients that access ONTAP through the REST API. This resource type was introduced with ONTAP 9.14. It was enhanced with ONTAP 9.16 through the support of the Microsoft Entra ID authorization server (formerly Azure AD) with standard OAuth 2.0 claims. In addition, the Entra ID standard group claims based on UUID style values are supported through new group and role mapping capabilities. A new external role mapping feature has also been introduced. Also see External roles, Groups, and Group role mappings.
This includes the API call used to change the password for a user account. This resource type was introduced with ONTAP 9.6.
Manage the privileges for a specific role. This resource type was introduced with ONTAP 9.6.
You can use these API calls to configure the public keys for user accounts. This resource type was introduced with ONTAP 9.7.
The roles provide a way to assign privileges to user accounts. This resource type was introduced with ONTAP 9.6.
Specific instance of a role. This resource type was introduced with ONTAP 9.6.
You can display and manage the configuration for the SAML service provider. This resource type was introduced with ONTAP 9.6.
These calls allow you to set the SSH configuration. This resource type was introduced with ONTAP 9.7.
These endpoints allow you to retrieve the SSH security configuration for all SVMs. This resource type was introduced with ONTAP 9.10.
You can use the REST API to configure time-based one-time password (TOTP) profiles for accounts that sign in and access ONTAP using SSH. This resource type was introduced with ONTAP 9.13.
Web authentication (WebAuthn) is a web standard for securely authenticating users based on public key cryptography. With ONTAP, it supports the administration of phishing-resistant MFA through System Manager and the ONTAP REST API. This feature was added with ONTAP 9.16.