Skip to main content
NetApp Knowledge Base

FAQs for NetApp adoption of MS Azure AD B2C for login

Views:
33,873
Visibility:
Public
Votes:
171
Category:
not set
Specialty:
generalsupport
Last Updated:

Applies to

 NetApp's adoption of Microsoft Azure Active Directory Business-to-Customer (MS Azure AD B2C) for Partner, Customer, and Guest logins.

Answer

Register with NetApp

  • Users with NetApp Support Site (NSS) ID: If you have not done so already, Register your account. On completion, access to your NetApp data may take up to 3 hours.

  • New Users: If you are a new user, Register your account here. On completion, access to your NetApp data may take up to 3 hours.

Login Experience

To learn more about the NetApp Support Site login experience, watch the KB TV video – Improving the Login Experience at NetApp.

Getting Support

If you have already registered and have an existing Business-to-Customer (B2C) account, find support through the following:

What is the NetApp Partner, Customer, and Guest sign in experience?

  • Sign in with the email address you registered with NetApp.  The default password experience is a One-Time Passcode (OTP) to the registered email address. Receiving an OTP ensures the user still has access to their corporate email. 

  • Partners or Customers who request and configure identity federation will enter their email address and redirect to their own corporate login page to complete authentication.

What is the password for my NetApp account?

  • The default password experience is a One-Time Passcode (OTP) to the registered email address. Receiving an OTP ensures the user still has access to their corporate email. 

  • The OTP is generated when Partners, Customers, and Guests attempt to access an application.

  • A new OTP is generated with each sign-in attempt. You cannot use older OTP to sign in.

  • For organizations that request and configure identity federation with NetApp, the password will be their organization password. See section How does an organization request and configure identity federation?

Will I have to log in multiple times during the day?

  • On the Sign In screen, select “Keep me signed in,” and the session will remain active for 7 days for most applications. Once logged into NetApp via a browser, your session should be supported across other tabs within the same browser.

  • Please note: “Keep me signed in” is not available in Private mode and is cancelled by Sign Out.  

What do I do if my organization's email changes?

  • Contact NetApp’s Global Service Contacts or submit Non-technical Feedback form and provide your new email address.

  • NetApp Customer Support team will update your profile and you will receive a link to register your NetApp B2C account via email.

  • Follow the link to enter your email and complete your registration.

What if I attempt to register for MS Azure B2C but a new NetApp Support Site (NSS) ID is created instead of using my existing/previously used ID?

  • If you have an existing NetApp Support Site (NSS) ID that is associated with a different email address, when you try to register with a new email address, a new account and NSS ID will be created. It will NOT be associated with your current NetApp Support Site (NSS) ID and case history.

  • If this occurs, Complete the Non-Technical Feedback form and select Registration Issue as the Feedback Category.

  • In the comments section of the form, provide the following:

1.  Request the newly created NSS ID to be Disabled.
2.  Request the preferred NSS ID to be updated with the proper email address.

  • Once the update is completed by a NetApp Customer Support Representative, you will receive a new invitation to register the new email address.  Please wait approximately 3 hours to register, to ensure all data is synchronized.

What if I attempt to sign-in to a NetApp application and the login screen fails to load with an error?

The NetApp login process includes scripting which may be blocked by web browser script blockers. Allow netappb2c.b2clogin.com & signin.b2c.netapp.com to support the login process.

What if my organization uses Distribution Lists as email addresses?

Unique logins for each user are recommended to ensure clear ownership and traceability; however, it is understood that some organizations use distribution lists to ensure all team members are aware of new and updated cases.

  • All Distribution List members will receive the OTP when a Distribution List member attempts to login.

  • Organization that would like to configure identity federation cannot register Distribution Lists as they are blocked by MS Azure AD B2C.

Why did NetApp adopt Identity as a Service (IDaaS)?

  • NetApp adopted Identity as a Service (IDaaS) to simplify and secure Partner and Customer access to NetApp resources by aligning with email address and password via One-Time Passcode (OTP) to email or identity federation.

  • This provides greater security for NetApp Partners and Customers, ensuring that offboarded individuals from their organization no longer have access to NetApp resources. Moving to a cloud base solution brings on added security features to ensure that Customer, Partner, and Guest entitlements are secured.

What is Identity Federation?

Identity federation involves delegating authentication to a trusted provider. For example:

  • A customer attempts to access a NetApp application with their corporate-issued email - john.doe@acme.com

  • NetApp trusts the company, Acme, to perform the authentication and directs the sign-in to Acme for processing.

  • The customer authenticates with their own identity at Acme, and Acme notifies NetApp the user is successfully signed in.   

MS Azure AD B2C supports identity federation upon customer request. Identity federation must first be configured between NetApp and the customer organization. 

What are the prerequisites for Identity Federation?

  • Federation via SAML, OAuth, or OIDC is supported.

  • Federation cannot be configured if distribution lists or multiple email aliases for the same mailbox are used as email addresses.

  • Organizations with MS Azure AD tenants must support email addresses for sign-in. User Principal Name (UPN) of login@domain.com are not supported.

  • MS Azure AD tenant restrictions may impact ability to federate.

How does an organization request and configure identity federation?

·       Download and complete the NetApp Federation Request Form.

Note: If the Form does not open, copy-paste the below URL in your browser:

https://kb.netapp.com/@api/deki/files/98382/NetApp-B2C-Federation-Request-Form-April-2022.docx

  • Email the NetApp Federation Request Form to ng-identity-federation@netapp.com with Subject Federation Request – Company Name (email address only used for initial submission)

  • NetApp Identity and Access Management team will review your request and engage to support.

What is the sign-in experience after federation is enabled?

  • At the NetApp login screen, enter your email address.

  • When routed to your corporate sign-in screen, enter your corporate password.

  • If your organization uses Azure AD, if asked to choose between Work account or Personal Account, choose Work account.

Additional Information

additionalInformation_text

 

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.