Skip to main content

ONTAP administrator authentication and RBAC overview

Contributors netapp-bhouser netapp-thomi netapp-aherbin netapp-forry
PDFs

You can enable login accounts for ONTAP cluster administrators and storage virtual machine (SVM) administrators. You can also use role-based access control (RBAC) to define the capabilities of administrators.

You can enable local administrator accounts to access an admin storage virtual machine (SVM) or a data SVM with the following types of authentication:

You can enable remote administrator accounts to access an admin SVM or a data SVM with the following types of authentication:

  • Active Directory

    Beginning with ONTAP 9.13.1, you can use an SSH public key as either your primary or secondary authentication method for an Active Directory user.

  • SAML authentication (only for admin SVM)

    Beginning with ONTAP 9.3, Security Assertion Markup Language (SAML) authentication can be used for accessing the admin SVM by using any of the following web services: Service Processor Infrastructure, ONTAP APIs, or System Manager.

  • LDAP or NIS

    Beginning with ONTAP 9.4, SSH MFA can be used for remote users on LDAP or NIS servers. Authentication with nsswitch and public key is supported.