Set up multifactor authentication

Contributors: netapp-thomi, netapp-aherbin

Security Assertion Markup Language (SAML) authentication allows users to log in to an application by using a secure identity provider (IdP).

In System Manager, in addition to standard ONTAP authentication, SAML-based authentication is provided as an option for multifactor authentication.

SAML is an XML-based framework for authentication and authorization between two entities: a service provider and an identity provider.

Enable SAML authentication

Workflow diagram of the task to set up multifactor authentication with SAML

To enable SAML authentication, perform the following steps:

  1. Click Cluster > Settings.

  2. Next to SAML Authentication, click the gear icon.

  3. Ensure there is a check in the Enable SAML Authentication checkbox.

  4. Enter the IdP URI as a full URL (including "https://").

  5. Modify the host system address, if needed.

  6. Ensure the correct certificate is being used:

    • If your system was mapped with only one certificate with type "server", then that certificate is considered the default and it isn’t displayed.

    • If your system was mapped with multiple certificates as type "server", then one of the certificates is displayed. To select a different certificate, click Change.

  7. Click Save. A confirmation window displays the metadata information, which has been automatically copied to your clipboard.

  8. Go to the IdP system you specified and copy the metadata from your clipboard to update the system metadata.

  9. Return to the confirmation window (in System Manager) and check the "I have configured the IdP with the host URI or metadata" checkbox.

  10. Click Logout to enable SAML-based authentication. The IdP system will display an authentication screen.

  11. In the IdP system, enter your SAML-based credentials. After your credentials are verified, you will be directed to the System Manager home page.
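Before pasting the metadata into the IdP (steps 6 through 8), it can be checked offline. The following is an added example, not NetApp code. It assumes the copied metadata is a standard SAML 2.0 service provider descriptor; the function name, host names and sample metadata are constructed placeholders, and the expected fingerprint is the SHA-256 of the intended "server" certificate, obtained separately.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample input: placeholder host names and dummy bytes standing in
# for the DER-encoded "server" certificate. Not real System Manager output.
DUMMY_DER = b"constructed-sample-cert"
SAMPLE_CERT_SHA256 = hashlib.sha256(DUMMY_DER).hexdigest()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://cluster1.example.com/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(DUMMY_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://cluster1.example.com/sp/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def check_sp_metadata(xml_text, idp_uri, sp_host, expected_cert_sha256):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if urlparse(idp_uri).scheme != "https":          # step 4: IdP URI uses https
        problems.append("IdP URI is not https")
    root = ET.fromstring(xml_text)
    acs = root.findall(".//md:AssertionConsumerService", NS)
    if not acs:
        problems.append("no AssertionConsumerService endpoint")
    for endpoint in acs:                             # step 5: host system address
        loc = urlparse(endpoint.get("Location", ""))
        if loc.scheme != "https":
            problems.append("ACS endpoint is not https")
        elif loc.hostname != sp_host.lower():
            problems.append(f"ACS host mismatch: {loc.hostname}")
    # Step 6: fingerprint every embedded certificate (base64 of the DER bytes).
    prints = {hashlib.sha256(base64.b64decode("".join((c.text or "").split()))).hexdigest()
              for c in root.findall(".//ds:X509Certificate", NS)}
    if expected_cert_sha256.replace(":", "").lower() not in prints:
        problems.append("expected server certificate not in metadata")
    return problems

if __name__ == "__main__":
    print(check_sp_metadata(SAMPLE_METADATA, "https://idp.example.com/metadata",
                            "cluster1.example.com", SAMPLE_CERT_SHA256))
```

An empty list means the metadata matches the intended host and certificate; any entry is worth resolving before the IdP is updated.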

Disable SAML authentication

To disable SAML authentication, perform the following steps:

  1. Click Cluster > Settings.

  2. Under SAML Authentication, click the Enabled toggle button.

  3. Optional: You can also click the gear icon next to SAML Authentication, and then uncheck the Enable SAML Authentication checkbox.