Release notes
Multifactor authentication overview
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
Multifactor authentication (MFA) allows you to enhance security by requiring users to provide two authentication methods to log in to an admin or data storage VM.
Depending upon your version of ONTAP, you can use a combination of an SSH public key, a user password, and a time-based one-time password (TOTP) for multifactor authentication. When you enable and configure Cisco Duo (ONTAP 9.14.1 and later), it serves as an additional authentication method, supplementing the existing methods for all users.
| Available beginning with… | First authentication method | Second authentication method |
|---|---|---|
ONTAP 9.14.1 |
SSH public key |
TOTP |
User Password |
TOTP |
|
SSH public key |
Cisco Duo |
|
User password |
Cisco Duo |
|
ONTAP 9.13.1 |
SSH public key |
TOTP |
User password |
TOTP |
|
ONTAP 9.3 |
SSH public key |
User password |
If MFA is configured, the cluster administrator must first enable the local user account, then the account must be configured by the local user.
