- Active IQ Unified Manager 7.3 (9.3) and above
- Security Assertion Markup Language (SAML)
Beginning with NetApp® ONTAP® 9.3, NetApp addresses the multifactor authentication (MFA) requirement for web authentication in OnCommand Unified Manager (OCUM) or Active IQ Unified Manager.
Security Assertion Markup Language (SAML) 2.0 is a widely adopted industry standard that allows any third-party SAML-compliant identity provider (IdP) to perform MFA, using mechanisms unique to the IdP of the enterprise's choosing, and to act as a source of single sign-on (SSO).
There are three roles defined in the SAML specification:
- The principal
- The IdP (identity provider)
- The service provider (SP)
In this implementation, the principal is the cluster administrator gaining access to ONTAP through OCUM. The IdP is third-party IdP software, such as Microsoft Active Directory Federated Services (ADFS) or the open-source Shibboleth IdP. The SP (service provider) is the SAML capability built into the OCUM web application.