Skip to main content
NetApp Knowledge Base

FAQs for NetApp adoption of MS Azure AD B2C for login

Views:
26,491
Visibility:
Public
Votes:
150
Category:
not set
Specialty:
tools
Last Updated:

Applies to

  NetApp's adoption of Microsoft Azure Active Directory Business-to-Customer (MS Azure AD B2C) for Partner, Customer, and Guest logins

Answer

Register your account
  • Existing Users: If you have not done so already, please Pre-Register your account. On completion, access to your NetApp data may take up to 3 hours.
  • New Users: If you are a new user, Register your account here. On completion, access to your NetApp data may take up to 3 hours.
New Login Experience

To learn more about the new NetApp Support Site login experience, watch the KB TV video – Improving the Login Experience at NetApp.

Getting Support

Who do I contact if I have an issue authenticating with my credentials?

If you have already registered and have an existing Business-to-Customer (B2C) account, find support through the following:

Account and Access FAQs

What is the new Partner, Customer, and Guest experience?

  • NetApp MS Azure AD B2C defaults to create separate B2C credentials for Partners, Customers, and Guests, unless the organization specifies otherwise. The separate B2C credentials will authenticate with a One-Time Passcode (OTP) to the registered email address. Receiving an OTP ensures the user still has access to their corporate email. 
  • Partners or Customers who request and configure identity federation will enter their email address and redirect to their own corporate login page to complete authentication.
What is my password for the new account?
  • For the default B2C Guest Accounts, the password will be an OTP sent to the registered email address. The OTP is generated when Partners, Customers, and Guests attempt to access an application.
  • A new OTP is generated with each sign-in attempt. You cannot use older OTP to sign in.
  • For organizations that request and configure identity federation with NetApp, the password will be their organization password. See section How does an organization request and configure identity federation?
Will I have to log in multiple times during the day?
  • Once a Partner, Customer, or Guest successfully signs in with their OTP, the session will remain active for 7 days for most applications.
  • Please select “Keep me signed in” on the Sign In screen to set a persistent cookie to allow sessions to remain active even if the browser is closed.  
    • Please note: “Keep me signed in” is not available in Private mode and is canceled by Sign Out.  
  • Once logged into NetApp via a browser, your session should be supported across other tabs within the same browser.
What do I do if my organization's email changes?
  • Contact NetApp’s Global Service Contacts or submit Non-technical Feedback form and provide your new email address.
  • The NetApp Customer Support team will update your profile and you will receive a link to register your NetApp B2C account via email.
  • Follow the link to enter your email and complete your registration.
What if I attempt to register for MS Azure B2C but a new NetApp Support Site (NSS) ID is created instead of using my existing/previously used ID?

If you attempt to register for a new MS Azure B2C login with an email address that is NOT already associated with your current NetApp Support Site (NSS) ID, the system will treat your account as a new customer. It will onboard the email address and generate a new NSS ID which may not have access to your current entitlements. If this occurs, please Complete the Non-Technical Feedback form and select “Registration Issue” as the Feedback Category.

In the comments section of the form, provide the following:

1.  Request the newly created NSS ID to be Disabled.
2.  Request the preferred NSS ID to be updated with the proper email address.

Once the update is completed by a NetApp Customer Support Representative, you will receive a new invitation to register the new email address.  Please wait approximately 3 hours to register, to ensure all data is synchronized.

What if I attempt to sign in to a NetApp application and the login screen fails to load with an error?

The new NetApp login process includes scripting which may be blocked by web browser script blockers. Please allow netappb2c.b2clogin.com to support the login process.

What if my organization restricts access to other Microsoft Azure AD tenants?
  • MS Azure AD tenant restrictions configured by an organization to prevent access to other MS Azure AD tenants, do not apply to B2C Guest accounts created in the NetApp B2C tenant.
  • Any organization that would like to configure identity federation must remove MS Azure AD tenant restrictions for the NetApp B2C tenant.
What if my organization has used Distribution Lists as email addresses for NSS IDs?

Unique logins for each user are recommended to ensure clear ownership and traceability; however, it is understood that some organizations use distribution lists to ensure all team members are aware of new and updated cases.

  • MS Azure AD B2C Guest accounts will support Distribution Lists as email addresses. All Distribution List members will receive the OTP when a Distribution List member attempts to login.
  • Any organization that would like to configure identity federation will not be able to use Distribution Lists as they are blocked by MS Azure AD.
What if I do not want an MS Azure AD account?
  • NetApp registration does not create a Microsoft account.
  • It will create a B2C account within the NetApp tenant or it will use the federated login of the organization (if requested and configured by the organization).
About Identity as a Service (IDaaS)

What is NetApp’s identity as a Service (IDaaS) adoption?

  • NetApp is adopting Microsoft Azure Active Directory Business-to-Customer identity as a service (MS AD B2C) for Partner, Customer, and Guest login (not the previously planned MS AAD B2B).
  • Separate credentials will be created based on the registered email address for Partners, Customers, and Guests. The password will be One Time Passcode (OTP) to the registered email address.
  • Identity federation can be enabled upon organization request beginning February 2022. Federation will support organizations to use their business credentials.   
What was the Transition Timeline?
  • All applications accessed by NetApp Partners, Customers, and Guests, transitioned to MS Azure AD B2C at 8 PM PST, Friday, December 3, 2021. This includes applications such as NetApp Support Site, Ascend, Field Portal, Active IQ, and many others.
  • NetApp started sending email invitations on October 25, 2021 for all current Partners, Customers, and Guests to pre-register with MS Azure AD B2C. We wanted to ensure every one of our valued Partners, Customers, and Guests was prepared to login with the new identity, effective December 3, 2021. NetApp also sent reminder emails throughout the transition period leading up to December 3, 2021.
What is the difference between MS Azure B2C and MS Azure AD B2B?
  • The transition to MS Azure AD B2B planned for spring 2021 was postponed because several of NetApp’s largest customers experienced issues adopting B2B (Business to Business), as MS Azure AD B2B requires organizations to leverage their existing MS Azure corporate credentials rather than a second set of credentials.
  • NetApp MS Azure AD B2C will default to create separate B2C credentials for Partners, Customers, and Guests, unless the organization specifies otherwise. The separate B2C credentials will authenticate with a One-Time-Passcode (OTP) to the registered email address. Receiving an OTP ensures the user still has access to their corporate email.
  • NetApp’s MS Azure AD B2C will support organizations to use their business credentials via federation upon organization request. See What is Identity Federation section below for details.
  • Learn more about Azure Active Directory B2C on the Microsoft site
Why did NetApp make this change?
  • NetApp made this change to simplify and secure Partner and Customer access to NetApp resources by aligning with email address via one-time Passcode (OTP) to email or identity federation.
  • This provides greater security for NetApp Partners and Customers, ensuring that offboarded individuals from their organization no longer have access to NetApp resources.
  • NetApp takes security very seriously; this will always remain the same. Moving to a cloud base solution brings on added security features to ensure that Customer, Partner, and Guest entitlements are secured.
Will I still get access to all the things I have today?
  • All Partners, Customers, and Guests will have access to their current data. Your original NetApp Support Site login (NSS ID) will be linked to the MS Azure AD B2C registered identity.
  • Due to incompatibility, on the IDaaS migration launch, all NSS IDs that include an @ symbol will be updated to replace the @ symbol with an _ (underscore).
What is Identity Federation?

Identity federation involves delegating authentication to a trusted provider. For example,

  • A customer attempts to access a NetApp application with their corporate-issued email - john.doe@acme.com
  • NetApp trusts the company, Acme, to perform the authentication and directs the sign-in to Acme for processing.
  • The customer authenticates with their own identity at Acme, and Acme notifies NetApp the user is successfully signed in.   

MS Azure AD B2C supports identity federation beginning February 2022 upon customer request. Identity federation must first be configured between NetApp and the customer organization. 

What are the prerequisites for Identity Federation?
  • Federation via SAML, OAuth, or OIDC is supported.
  • Federation cannot be configured if distribution lists or multiple email aliases for the same mailbox are used as email addresses.
  • Organizations with MS Azure AD tenants must support email addresses for sign-in. User Principal Name (UPN) of login@domain.com are not supported.
  • MS Azure AD tenant restrictions may impact ability to federate.
How does an organization request and configure identity federation?

Note: If the Form does not open, copy-paste the below URL in your browser:

https://kb.netapp.com/@api/deki/files/98382/NetApp-B2C-Federation-Request-Form-April-2022.docx

  • Email the NetApp Federation Request Form to ng-identity-federation@netapp.com with Subject Federation Request – Company Name (email address only used for initial submission)
  • The NetApp Identity and Access Management team will review your request and engage to support.
What is the sign-in experience after federation is enabled?
  • At the NetApp login screen, enter your email address
  • When routed to your corporate sign-in screen, enter your corporate password
  • If your organization uses Azure AD, if asked to choose between Work account or Personal Account, please choose Work account

Additional Information

additionalInformation_text

 

Scan to view the article on your device