Data ONTAP Discussions

Highlighted

System Manager SAML with domain groups

Hey,

Is it possible/supported to use domain groups for SAML authentication?

user authentication works fine but there are many users involved so I prefer to configure it for domain groups.

thanks!

2 REPLIES 2

Re: System Manager SAML with domain groups

Hi,

 

Domain/Groups are not supported for a SAML-enabled cluster.

 

There is a KB article:

OnCommand System Manager authentication is not working with Active Directory Domain Groups
https://kb.netapp.com/app/answers/answer_view/a_id/1087129


Only workaround: Use CLI to add a domain "user" to the cluster, but without "domain\" prefix. I guess you have already tested this and it works for you.

 

Example: To add user 'test1' for http & ontapi capability:
::*> security login create -vserver <cluster_vserver> -user-or-group-name test1 -application http -authentication-method saml
::*> security login create -vserver <cluster_vserver> -user-or-group-name test1 -application ontapi -authentication-method saml

View solution in original post

Highlighted

Re: System Manager SAML with domain groups

thanks for the answer.

this is what i've done. is there any plan to add domain groups support anywhere soon?

Try the NEW Knowledgebase!
NetApp KB Site
Forums