security login external-role-mapping create
Add an external role mapping
Availability: This command is available to cluster administrators at the admin privilege level.
Description
This command creates a mapping between an external IDP (Identity Provider) role and an ONTAP role. This allows the system to authorize users based on their roles in the external IDP.
Parameters
-external-role <text> - External Role Name
The role name coming from the external IDP. This should match the role name as defined in the IDP for which the external role mapping is being created. For example, 'Administrator'.
-provider {basic|keycloak|auth0|adfs|entra} - Provider Type
The name of the IDP provider. This should be the identifier for the IDP system. For example, 'entra'.
-ontap-role <text> - Ontap Role Name
The name of the ONTAP role that the external role should map to. This should be a role defined within ONTAP. For example, 'admin'.
[-comment <text>] - Comment
This parameter optionally specifies any comments or notes related to the external role mapping. This can be used to provide additional context or explanation for the mapping.
Examples
This command creates an external role mapping for the external role "Administrator" from the IDP provider "entra" to the ONTAP role "admin". The comment 'External role mapping' provides additional context for this mapping.
cluster1::> security login external-role-mapping create -external-role Administrator -provider entra -ontap-role admin -comment "External role mapping"