Release notes
View ONTAP WebAuthn MFA settings and manage credentials
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
As an ONTAP administrator, you can view cluster-wide WebAuthn MFA settings and manage user and group credentials for WebAuthn MFA.
View cluster settings for WebAuthn MFA
You can view the cluster settings for WebAuthn MFA using the ONTAP CLI.
-
View the cluster settings for WebAuthn MFA. You can optionally specify a storage VM using the
vserverargument:security webauthn show -vserver <storage_vm_name>Console
View supported public key WebAuthn MFA algorithms
You can view the supported public key algorithms for WebAuthn MFA for a storage VM or for a cluster.
-
List the supported public key WebAuthn MFA algorithms. You can optionally specify a storage VM using the
vserverargument:security webauthn supported-algorithms show -vserver <storage_vm_name>Console
View the registered WebAuthn MFA credentials
As an ONTAP administrator, you can view the registered WebAuthn credentials for all users. Non-administrator users that use this procedure can only view their own registered WebAuthn credentials.
-
View the registered WebAuthn MFA credentials:
security webauthn credentials showConsole
Remove a registered WebAuthn MFA credential
You can remove a registered WebAuthn MFA credential. This is useful when a user's hardware key was lost, stolen, or is no longer in use. You can also remove a registered credential when the user still has the original hardware authenticator, but wants to replace it with a new one. After removing the credential, the user will be prompted to register the replacement authenticator.
|
Removing a registered credential for a user doesn't disable WebAuthn MFA for the user. If a user loses a hardware authenticator and needs to log in before replacing it, you need to remove the credential using these steps and also Disable WebAuthn MFA for the user. |
-
Select Cluster > Settings.
-
Select the arrow icon next to Users and Roles.
-
In the list of users and groups, select the option menu for the user or group whose credentials you want to remove.
-
Select Remove MFA for HTTP credentials.
-
Select Remove.
-
Delete the registered credentials. Note the following:
-
You can optionally specify a storage VM of the user. If omitted, the credential is removed at the cluster level.
-
You can optionally specify a username of the user for whom you are deleting the credential. If omitted, the credential is removed for the current user.
security webauthn credentials delete -vserver <storage_vm_name> -username <username>Console
-
Learn more about security webauthn show in the ONTAP command reference.
