NetApp Knowledge Base

Does ONTAP support Azure AD with OAuth 2.0?

Category:
ontap-9
Specialty:
nas

Applies to

ONTAP 9+

Answer

  • Currently we don’t support Azure AD with OAuth 2.0 for CIFS.
  • Currently we support:
    1. Clients connecting to Azure NetApp Files (ANF) volumes do not need to join an on-premises AD domain. They only need to join Azure AD (now Microsoft Entra ID) with a hybrid user (synced from on-premises Active Directory) using the Azure AD Connect application.
      1. Access SMB volumes from Microsoft Entra joined Windows virtual machines.
      2. Clients don’t have line of sight to on-premises AD.
    2. ONTAP connects to Azure AD and gets an OAuth token to connect with Azure Key Vault.

 

Additional Information

To enable SMB/CIFS access using Entra ID identities, you can use Microsoft Entra Domain Services (EDS), which provides domain join and Kerberos/NTLM support for cloud-only identities:

  1. Enable Microsoft Entra Domain Services:

    • Set up EDS in your Azure environment to provide domain services like Kerberos and LDAP.
  2. Domain-Join Your VMs:

    • Ensure that the virtual machines accessing the NetApp volumes are domain-joined to the EDS domain.
  3. Configure Azure NetApp Files:

    • Set up Azure NetApp Files to use EDS for authentication.
    • Assign appropriate permissions to users/groups in Entra ID that need access to the shares.
  4. Hybrid Identity Support:

    • For hybrid users (synced from on-prem AD), use Microsoft Entra Connect to sync identities.
    • Ensure that these users are also part of the EDS domain or federated appropriately.

 
