
Confirm federated users can sign in

Contributors netapp-perveilerk netapp-madkat ssantho3 netapp-lhalbert

Before you enable single sign-on (SSO), you must confirm that at least one federated user can sign in to the Grid Manager and to the Tenant Manager for any existing tenant accounts.

Before you begin
  • You are signed in to the Grid Manager using a supported web browser.

  • You have specific access permissions.

  • You have already configured identity federation.

Steps
  1. If there are existing tenant accounts, confirm that none of the tenants is using its own identity source.

    Tip: When you enable SSO, an identity source configured in the Tenant Manager is overridden by the identity source configured in the Grid Manager. Users belonging to the tenant's identity source will no longer be able to sign in unless they have an account with the Grid Manager identity source.
    1. Sign in to the Tenant Manager for each tenant account.

    2. Select ACCESS MANAGEMENT > Identity federation.

    3. Confirm that the Enable identity federation checkbox is not selected.

    4. If it is, confirm that any federated groups that might be in use for this tenant account are no longer required, clear the checkbox, and select Save.

  2. Confirm that a federated user can access the Grid Manager:

    1. From Grid Manager, select CONFIGURATION > Access control > Admin groups.

    2. Ensure that at least one federated group has been imported from the Active Directory identity source and that it has been assigned the Root access permission.

    3. Sign out.

    4. Confirm you can sign back in to the Grid Manager as a user in the federated group.

  3. If there are existing tenant accounts, confirm that a federated user who has Root access permission can sign in:

    1. From the Grid Manager, select TENANTS.

    2. Select the tenant account, and select Actions > Edit.

    3. On the Enter details tab, select Continue.

    4. If the Use own identity source checkbox is selected, clear the checkbox and select Save.

      [Screenshot: Edit Tenant Account, with the Use own identity source checkbox not selected]

      The Tenant page appears.

    5. Select the tenant account, select Sign in, and sign in to the tenant account as the local root user.

    6. From the Tenant Manager, select ACCESS MANAGEMENT > Groups.

    7. Ensure that at least one federated group from the Grid Manager has been assigned the Root access permission for this tenant.

    8. Sign out.

    9. Confirm you can sign back in to the tenant as a user in the federated group.
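
The checks in the steps above, expressed as an added example (not NetApp's code and not part of the original page): a Python pre-flight check over an inventory you record by hand while working through the procedure. The inventory layout and every field name are assumptions made for this example, not a StorageGRID API schema.

```python
# Pre-SSO readiness check over a hand-recorded inventory.
# All field names are hypothetical, not a StorageGRID API schema.

def has_federated_root(groups):
    """True if at least one federated group holds the Root access permission."""
    return any(g.get("federated") and g.get("root_access") for g in groups)

def sso_readiness(inventory):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # Step 2: Grid Manager must stay reachable by a federated Root user.
    if not has_federated_root(inventory.get("grid_admin_groups", [])):
        findings.append("grid: no federated admin group with Root access")
    if not inventory.get("grid_signin_confirmed"):
        findings.append("grid: federated sign-in not confirmed")
    for t in inventory.get("tenants", []):
        name = t["name"]
        # Step 1: a tenant-level identity source is overridden once SSO is on.
        if t.get("identity_federation_enabled"):
            findings.append(f"{name}: identity federation still enabled in Tenant Manager")
        # Step 3: the tenant must use the Grid Manager identity source.
        if t.get("use_own_identity_source"):
            findings.append(f"{name}: Use own identity source still selected")
        if not has_federated_root(t.get("groups", [])):
            findings.append(f"{name}: no federated group with Root access")
        if not t.get("signin_confirmed"):
            findings.append(f"{name}: federated sign-in not confirmed")
    return findings

# Constructed sample data: tenant-a is ready, tenant-b would lock users out.
SAMPLE = {
    "grid_admin_groups": [{"name": "grid-admins", "federated": True, "root_access": True}],
    "grid_signin_confirmed": True,
    "tenants": [
        {"name": "tenant-a", "identity_federation_enabled": False,
         "use_own_identity_source": False, "signin_confirmed": True,
         "groups": [{"name": "ta-admins", "federated": True, "root_access": True}]},
        {"name": "tenant-b", "identity_federation_enabled": False,
         "use_own_identity_source": True, "signin_confirmed": False,
         "groups": [{"name": "local-root", "federated": False, "root_access": True}]},
    ],
}

if __name__ == "__main__":
    for finding in sso_readiness(SAMPLE) or ["ready: all checks passed"]:
        print(finding)
```

Enable SSO only when the returned list is empty; each finding maps back to one of the numbered steps.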