NetApp Knowledge Base

How to configure System Manager for authentication using domain user or group

Category:
ontap-system-manager
Specialty:
om

Applies to

Description

  • Active Directory users can be used to authenticate to ONTAP System Manager.
  • This requires that, within the ONTAP cluster, either a domain tunnel to an existing SMB server is created or an Active Directory server is created for the admin SVM.
  • Once that is created, access can be granted to Active Directory users and groups.

Procedure

Process
  1. Create an Active Directory connection using any one of the following methods:
    1. Configure an authentication tunnel (referred to as a domain tunnel).
    2. Starting in ONTAP 9.16.1, create an SVM computer account on the domain (no domain tunnel required).
    3. For ASA r2, configure Active Directory domain controller access.
  2. Add a domain user or group using one of the following methods:
    1. Using System Manager
      1. Navigate to Cluster > Settings, then click System Manager for authentication using domain user or group in the Users and Roles tile.
      2. In the Users section, click the Validate configured Domain or LDAP users/groups button.
      3. For Target Product select System Manager.
      4. For User Name, enter the Active Directory user or group in the format domain\username or domain\group.
      5. Select Role of admin.
      6. For User login methods, select Application of HTTP and Authentication of Active Directory Domain, with Multifactor authentication Disabled.
      7. Click the Save button.
    2. Using ONTAP CLI
      1. Use the security login create command.
      2. For -vserver supply the admin SVM (the name of the cluster).
      3. For -user-or-group-name, enter the Active Directory user or group in the format domain\username or domain\group.
      4. For -authentication-method enter domain.
      5. For -application enter http.
      6. For -role enter admin.
      7. The -second-authentication-method is optional.
  3. You can now access System Manager supplying the Active Directory user credentials that were just added:

Login to System Manager via domain\username
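The CLI path through steps 1 and 2, put together as an added example (not taken from the original article): it uses the domain tunnel method and the parameter values listed above, then lists the resulting domain logins so the grant can be checked. The names cluster1, svm_smb and EXAMPLE\storage-admins are constructed placeholders.

```text
# Constructed placeholders (assumptions, not from the article):
#   cluster1                 admin SVM (the name of the cluster)
#   svm_smb                  data SVM that already hosts an SMB server joined to the domain
#   EXAMPLE\storage-admins   Active Directory group being granted access
# Lines beginning with # are annotations, not commands to type.

# Step 1, domain tunnel method: route admin authentication through the
# SVM that hosts the existing SMB server, then confirm the tunnel is set.
cluster1::> security login domain-tunnel create -vserver svm_smb
cluster1::> security login domain-tunnel show

# Step 2, ONTAP CLI method: create the login entry with the values from
# the procedure (admin SVM, domain authentication, http application, admin role).
cluster1::> security login create -vserver cluster1 -user-or-group-name EXAMPLE\storage-admins -application http -authentication-method domain -role admin

# Verification: list every login on the admin SVM that authenticates
# against the domain, and check the Application and Role Name columns.
cluster1::> security login show -vserver cluster1 -authentication-method domain
```

A group entry gives the admin role to every member of that Active Directory group, so the final listing is the place to confirm that only the intended users and groups appear.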
