Thanks, but the PDF is not completely answering my question.
eg: Netapp Workflow Automation needs privileged credentials on clusters to create volumes/vservers etc... It seems that It only supports Login/Password based credentials.
eg2: Netapp Active IQ Unified Manager needs admin credentials on clusters to interact with them.
So you have to keep an admin account on your cluster only protected by (strong) password !
In TR4647, there is a note about it page 53
After SAML authentication is configured for the http and ontapi applications, the password
authentication method does not need to be configured. They remain configured for administrator
accounts to enable external supportability tools to continue administrator access with single-factor
user ID/password authentication. If no such tools require user ID/password access, delete all
password authentication methods for all administrator accounts for http and ontapi
applications to provide the most secure administrative access environment.