Skip to main content

Multifactor authentication overview

Contributors netapp-mwallis netapp-aherbin

Multifactor authentication (MFA) allows you to enhance security by requiring users to provide two authentication methods to log in to an admin or data storage VM.

Depending upon your version of ONTAP, you can use a combination of an SSH public key, a user password, and a time-based one-time password (TOTP) for multifactor authentication. When you enable and configure Cisco Duo (ONTAP 9.14.1 and later), it serves as an additional authentication method, supplementing the existing methods for all users.

Available beginning with…​ First authentication method Second authentication method

ONTAP 9.14.1

SSH public key

TOTP

User Password

TOTP

SSH public key

Cisco Duo

User password

Cisco Duo

ONTAP 9.13.1

SSH public key

TOTP

User password

TOTP

ONTAP 9.3

SSH public key

User password

If MFA is configured, the cluster administrator must first enable the local user account, then the account must be configured by the local user.

Workflow of configuring MFA. This shows if MFA is configured the cluster administrator must first enable the local user account then the account must be configured by the local user.