ONTAP authentication method and application to support Cisco DUO MFA
Applies to
- ONTAP 9
- Cisco Duo
- Multifactor authentication
- SSH
- System Manager
- Active IQ Unified Manager (AIQUM)
Answer
| Authentication-Method | Application |
|---|---|
| nsswitch | ssh |
| password | ssh |
| publickey | ssh |
| SAML | http (System Manager / AIQUM) |
Notes:
- An ONTAP locally administered administrator or domain account with chained primary and secondary authentication methods of password and publickey, or nsswitch and publickey.
- Time-based one-time password (TOTP) is a temporary passcode generated by an algorithm that uses the current time of day as one of its authentication factors. TOTP can only be used as a secondary authentication method for local users.
- SAML 2.0, where ONTAP System Manager or AIQUM acts as the service provider, to support Cisco DUO starting in ONTAP 9.12.1.
Additional Information
For more details, see TR-4647: Multifactor authentication in ONTAP Best practices and implementation guide