Active IQ Unified Manager Discussions

Smart card Authentication?

cecil

Does anyone know if there is a way to use smartcard authentication with OnCommand? Most secure enviroments force Windows accounts to only use Smart Card logon which scrambles the users password and they would not be able to enter a username/pwd at the oncommand logon screen. 

1 ACCEPTED SOLUTION

adaikkap

Hi Cecil,

     As of today OnCommand Unified Manager doesnt do it. Can you explain us little more on the same why its better why its need etc ?

Regards

adai

View solution in original post

10 REPLIES 10

SheilaHale
So is smart card Authentication working with Ontap 7-Mode 8.2.2.? If so how do we set this up using RSA-gemalto drivers?

jpulk

Was SmartCard authentication ever added to Unified Manager? I've been searching but haven't found anything yet specifically saying that it was or wasn't added and if so how to configure it. 

JCutter03

I'm also looking for smart card support as well... or at least single sign on.

thywyn222

SAML 2.0 was announced for OCUM (7.3??)  and System manager in Ontap 9.3.. "and the people supporting smart card environments rejoiced..... yyeeeeaahh..."

 

https://blog.netapp.com/announcing-netapp-ontap-9-3-the-next-step-in-modernizing-your-data-management/

 

 

 

cecil

Hi Adai,

Its been awhile and I wanted to follow up. Was there ever any plan to incorporate this with OnCommand?

Thank you!

Cecil

kryan

Hi Cecil,

This functionality is currently planned for a future release of UM 6.x for Clustered Data ONTAP.

There are no plans to add Smart Card support in UM 5.x. 

Thanks,

Kevin

cecil

Thank you for responding but ouch! That’s not going to go over well with my customers that have metro and are not upgrading to Clustered Ontap very soon. These are the people who wanted this change made in the first place.

adaikkap

Hi Cecil,

     As of today OnCommand Unified Manager doesnt do it. Can you explain us little more on the same why its better why its need etc ?

Regards

adai

View solution in original post

cecil

Adai.

Once again, thanks you for the quick response. Government agencies require the use of a smartcard for logon to a Windows domain and the account option "smart card is required for interactive logon" enabled on the AD account. When this boxed is checked, all interactive logon would require the smartcard to logon. So that means windows users can only now logon to the OnCommand Console if this option is turned off (which violates their security rules) on their AD account. The only work around I can see is if they have a local account on the Windows server hosting the OnCommand install (Again a more minor security finding). Local accounts aren't preferred and would seem to be taking a step backward as they require more management. If OnCommand supported smartcard, then the user would simply have to have the rights, a smartcard, and a pin #. That make sense?

Cecil

adaikkap

Hi Cecil,

     Thanks for the details. Let me pass this on to the concerned personnel for further actions.

Regards

adai

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public