NetApp's adoption of Microsoft Azure Active Directory Business-to-Customer (MS Azure AD B2C) for Partner, Customer, and Guest logins
What is NetApp’s identity as a Service (IDaaS) adoption?
- NetApp is adopting Microsoft Azure Active Directory Business-to-Customer identity as a service (MS AD B2C) for Partner, Customer, and Guest login (not the previously planned MS AAD B2B).
- Separate credentials will be created based on the registered email address for Partners, Customers, and Guests. The password will be One Time Passcode (OTP) to the registered email address.
- Identity federation can be enabled upon organization request beginning February 2022. Federation will support organizations to use their business credentials.
What is the Transition Timeline?
All applications accessed by NetApp Partners, Customers, and Guests, will transition to MS Azure AD B2C beginning at 8 PM PST, Friday, December 3, 2021. This includes applications such as NetApp Support Site, Ascend, Field Portal, Active IQ, and many others.
Beginning October 25, 2021, NetApp will issue email invitations for all current Partners, Customers, and Guests to pre-register with MS Azure AD B2C. We want to ensure every one of our valued Partners, Customers, and Guests is prepared to login with the new identity, effective December 3, 2021. With this in mind, we will send reminder emails throughout the transition period leading up to December 3, 2021.
What is the difference between MS Azure B2C and MS Azure AD B2B?
- The transition to MS Azure AD B2B planned for spring 2021 was postponed because several of NetApp’s largest customers experienced issues adopting B2B (Business to Business), as MS Azure AD B2B requires organizations to leverage their existing MS Azure corporate credentials rather than a second set of credentials.
- NetApp MS Azure AD B2C will default to create separate B2C credentials for Partners, Customers, and Guests, unless the organization specifies otherwise. The separate B2C credentials will authenticate with a One-Time-Passcode (OTP) to the registered email address. Receiving an OTP ensures the user still has access to their corporate email.
- NetApp’s MS Azure AD B2C will support organizations to use their business credentials via federation upon organization request. See What is Identity Federation section below for details.
- Learn more about Azure Active Directory B2C on the Microsoft site
What is Identity Federation?
Identity federation involves delegating authentication to a trusted provider.
A customer attempts to access a NetApp application with their corporate issued email - email@example.com
NetApp trusts the company, Acme, to perform the authentication and directs the sign-in to Acme for processing.
The customer authenticates with their own identity at Acme, and Acme notifies NetApp the user is successfully signed in.
MS Azure AD B2C will support identity federation beginning February 2022 upon request by the customer. Identity federation must first be configured between NetApp and the customer organization.
What is the new Partner, Customer, and Guest experience?
NetApp MS Azure AD B2C defaults to create separate B2C credentials for Partners, Customers, and Guests, unless the organization specifies otherwise. The separate B2C credentials will authenticate with a One-Time Passcode (OTP) to the registered email address. Receiving an OTP ensures the user still has access to their corporate email.
Partners or Customers who request and configure identity federation will enter their email address and redirect to their own corporate login page to complete authentication.
Why is NetApp making this change?
- NetApp is making this change to simplify and secure Partner and Customer access to NetApp resources by aligning with email address via one-time Passcode (OTP) to email or identity federation.
- This provides greater security for NetApp Partners and Customers, ensuring that offboarded individuals from their organization will no longer have access to NetApp resources.
- NetApp takes security very seriously; this will always remain the same. Moving to a cloud base solution brings on added security features to ensure that Customer, Partner and Guest entitlements are secured.
What does it mean to pre-register?
All NetApp Partners, Customers, and Guests must register via MS Azure AD B2C. NetApp will send invitations to current Partners, Customers, and Guests to pre-register in the 6 weeks prior to NetApp’s migration.
It is important that Partners, Customers, and Guests not discard these email invites, but accept and continue the process of registering.
You will not use the new identity until NetApp’s migration, effective December 3, 2021.
Partners, Customers, and Guests must register for MS Azure AD B2C – even if they previously registered for B2B. The B2B logins are separate and no longer valid.
Will I still get access to all the things I have today?
- All Partners, Customers, and Guests will have access to their current data. Your original NetApp Support Site login (NSS ID) will be linked to the MS Azure AD B2C registered identity.
- Due to incompatibility, on the IDaaS migration launch, all NSS IDs that include an @ symbol will be updated to replace the @ symbol with an _ (underscore).
What is my password for the new account?
For the default B2C Guest Accounts, the password will be an OTP sent to the registered email address. The OTP is generated when Partners, Customers, and Guests attempt to access an application.
For organizations that request and configure identity federation with NetApp, the password will be their organization password. See section How does an organization request and configure identity federation?
Will I have to login multiple times during the day?
- Once a Partner, Customer, or Guest successfully signs in, the session will remain active for 7 days for most applications.
- Once logged into NetApp via browser, your session should be supported across other browser sessions.
Who do I contact if I have an issue before and after migration?
- Phone: For a list of numbers, refer to the NetApp Global Service Contacts
- Online: Submit Non-technical Feedback
What if I missed or deleted the invitation to pre-register for NetApp MS Azure AD B2C?
- Prior to the December 3, 2021 Go Live, contact NetApp’s Global Service Contacts
- Submit Non-technical Feedback form to request a new invitation.
- After December 3, 2021 Go Live, the new login prompt will offer the option to register. Access to your NetApp data may take up to 1 hour as your legacy NSS ID is synchronized to the new B2C identity.
What if my organization restricts access to other Microsoft Azure AD tenants?
- MS Azure AD tenant restrictions configured by an organization to prevent access to other MS Azure AD tenants, do not apply to B2C Guest accounts created in the NetApp B2C tenant.
- Any organization that would like to configure identity federation must remove MS Azure AD tenant restrictions for the NetApp B2C tenant.
What if my organization has used Distribution Lists as email addresses for NSS IDs?
Unique logins for each user are recommended to ensure clear ownership and traceability; however, it is understood that some organizations use distribution lists to ensure all team members are aware of new and updated cases.
- MS Azure AD B2C Guest accounts will support Distribution Lists as email addresses. All Distribution List members will receive the OTP when a Distribution List member attempts to login.
- Any organization that would like to configure identity federation will not be able to use Distribution Lists as they are blocked by MS Azure AD.
What do I do if my organization email changes?
- Contact NetApp’s Global Service Contacts or submit Non-technical Feedback form and provide your new email address.
- The NetApp Customer Support team will update your profile and you will receive a link to register your NetApp B2C account via email.
- Follow the link to enter your email and complete your registration.
What is the new Customer or Partner registration process?
After initiating new customer (Support Site, Communities) or partner (Partner Hub) registration, NetApp will issue an invite for the user to accept linking their account with NetApp. No personal or organization specific data is linked.
What if I do not want an MS Azure AD account?
- NetApp registration does not create a Microsoft account.
- It will create a B2C account within the NetApp tenant or it will use the federated login of the organization (if requested and configured by the organization).
How does an organization request and configure identity federation?
- NetApp will support identity federation beginning February 2022.
- The process for requesting and configuring federation will be posted to NetApp Support Site in January 2022.