Could you please eloborate on that  'readonly' where do you get this ? You mentioned 'ontap' I am assuming this is a cDOT you are dealing with ?

To create domain user:

Cluster::> security login create -user-or-group-name DOMAN\USER -application <options:ssh,ontapi etc> -authentication-method domain -role <options are: admin,backup,vsadmin,readonly etc>

Also, create the domain tunnel so that AD login sessions can be authenticated by the cluster:
cluster1::> security login domain-tunnel create -vserver <vserver>

Kb for reference:
https://kb.netapp.com/app/answers/answer_view/a_id/1086185/loc/en_US
https://kb.netapp.com/app/answers/answer_view/a_id/1073902/loc/en_US

Thanks for domain user related information.

'Readonly' means I am not able to set authentication method as 'domain', it is set to 'password' already and it is not editable.

Are you logged in to system manager as 'admin' ? 

Could you share the screenshot plz.

Added screenshot.

I am considering 'zapi' as NetApp zoom, and using command 'security login modify' to modify user authetication method  as 'domain' (User is created from system manager with auth method as 'password'.)

But it is giving an error: Authentication method not found.

Please correct me if I am wrong.

1) Log in to the cluster using SSH 
2) Validate no tunnel exists by running the following command:
::>security login domain-tunnel show
Note: You can only have one domain tunnel.
3) If a tunnel does not exist, create one by running the following command:
::>security login domain-tunnel create –vserver <CIFS Vserver Name>
4) Add the 'zapi/zoom' service account with API rights:
To add an account, run the following command:
::>security login create –vserver <Cluster Name> -username <domainService_account> –application ontapi –authmethod domain

To add additional rights such as SSH, change the application seting:
security login create -username <domainService_account> –application SSH -authmethod domain