SAML setup and troubleshooting in ONTAP System Manager
Applies to
- ONTAP System Manager 9.3 and above
- Security Assertion Markup Language (SAML)
Description
Beginning with NetApp® ONTAP® 9.3, NetApp is addressing the multifactor authentication (MFA) requirement for web authentication in NetApp OnCommand® System Manager (OCSM) or ONTAP System Manager.
Security Assertion Markup Language (SAML) 2.0 is a widely adopted industry standard that allows any third-party SAML-compliant identity provider (IdP) to perform MFA, using mechanisms unique to the IdP of the enterprise's choosing, and to act as a source of single sign-on (SSO).
There are three roles defined in the SAML specification:
- The principal
- The IdP (identity provider)
- The service provider (SP)
In the ONTAP implementation, the principal is the cluster administrator gaining access to ONTAP through OCSM. The IdP is third-party IdP software, such as Microsoft Active Directory Federation Services (ADFS) or the open-source Shibboleth IdP. The SP (service provider) is the SAML capability built into ONTAP that is used by the OCSM web application.
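The three roles above map onto fields of a SAML 2.0 assertion, which is useful when inspecting a captured assertion while troubleshooting a failed login. The following is an added example, not NetApp code: the sample assertion, host names and entity IDs are constructed placeholders, and the script only reads fields and does not verify the XML signature.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample assertion; every name and URL is a placeholder.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com/adfs/services/trust</saml:Issuer>
  <saml:Subject><saml:NameID>admin@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://cluster1.example.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2024-01-01T12:00:00Z"><saml:AuthnContext>
    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken</saml:AuthnContextClassRef>
  </saml:AuthnContext></saml:AuthnStatement>
</saml:Assertion>"""

def _ts(value):
    # SAML timestamps are UTC xs:dateTime values, e.g. 2024-01-01T12:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def roles(xml_text):
    """Map assertion fields to the SAML roles: IdP, principal, SP."""
    a = ET.fromstring(xml_text)
    return {
        "idp": a.findtext("saml:Issuer", namespaces=NS),                  # who asserted
        "principal": a.findtext("saml:Subject/saml:NameID", namespaces=NS),  # who logged in
        "sp_audiences": [e.text for e in a.iterfind(".//saml:Audience", NS)],  # intended SP(s)
        "authn_context": a.findtext(".//saml:AuthnContextClassRef", namespaces=NS),  # how
    }

def sp_checks(xml_text, expected_idp, sp_entity_id, now):
    """Return the reasons an SP would reject this assertion (empty list if none)."""
    r, problems = roles(xml_text), []
    if r["idp"] != expected_idp:
        problems.append("issuer is not the configured IdP")
    if sp_entity_id not in r["sp_audiences"]:
        problems.append("SP is not in the audience")
    cond = ET.fromstring(xml_text).find("saml:Conditions", NS)
    attrs = cond.attrib if cond is not None else {}
    if "NotBefore" in attrs and now < _ts(attrs["NotBefore"]):
        problems.append("assertion not yet valid (check clock skew)")
    if "NotOnOrAfter" in attrs and now >= _ts(attrs["NotOnOrAfter"]):
        problems.append("assertion expired (check clock skew)")
    return problems

if __name__ == "__main__":
    print(roles(SAMPLE))
```

The authentication context value is where the IdP reports the mechanism it used, which is how MFA performed at the IdP becomes visible to the SP.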