ONTAP Discussions

System Manager SAML with domain groups


Is it possible/supported to use domain groups for SAML authentication?

User authentication works fine, but there are many users involved, so I prefer to configure it for domain groups.



Re: System Manager SAML with domain groups



Domain/Groups are not supported for a SAML-enabled cluster.


There is a KB article:

OnCommand System Manager authentication is not working with Active Directory Domain Groups

Only workaround: Use the CLI to add a domain "user" to the cluster, but without the "domain\" prefix. I guess you have already tested this and it works for you.


Example: To add user 'test1' for http & ontapi capability:
::*> security login create -vserver <cluster_vserver> -user-or-group-name test1 -application http -authentication-method saml
::*> security login create -vserver <cluster_vserver> -user-or-group-name test1 -application ontapi -authentication-method saml

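Added example, not part of the original posts: because the workaround needs one login entry per user and per application, this sh function turns a list of accounts (one per line on stdin) into the two security login create commands shown above for each user, dropping any DOMAIN\ prefix. The function name, the input format and the conservative allowed-character check are assumptions; the generated commands are meant to be reviewed before they are pasted into the cluster shell.

```shell
#!/bin/sh
# Added example (not NetApp code): generate per-user SAML login commands.
# Usage: gen_saml_logins <cluster_vserver> < users.txt > commands.txt
gen_saml_logins() {
    vserver=$1
    if [ -z "$vserver" ]; then
        echo "usage: gen_saml_logins <cluster_vserver> < users.txt" >&2
        return 2
    fi
    seen=""
    while IFS= read -r line || [ -n "$line" ]; do
        # Strip CRs from Windows exports and surrounding whitespace.
        name=$(printf '%s' "$line" | tr -d '\r' |
               sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $name in
            ''|'#'*) continue ;;          # blank line or comment
        esac
        # The workaround requires the name without the "domain\" prefix.
        name=${name##*\\}
        # Assumption: accept only a conservative character set so that
        # nothing unexpected ends up inside a generated CLI command.
        case $name in
            ''|*[!A-Za-z0-9._-]*)
                echo "skipped (unexpected characters): $line" >&2
                continue ;;
        esac
        # Emit each user only once, even if listed several times.
        case " $seen " in
            *" $name "*) continue ;;
        esac
        seen="$seen $name"
        # One entry per application, exactly as in the answer above.
        for app in http ontapi; do
            printf 'security login create -vserver %s -user-or-group-name %s -application %s -authentication-method saml\n' \
                "$vserver" "$name" "$app"
        done
    done
    return 0
}
```

The list has to be regenerated whenever group membership changes, since the cluster itself does not evaluate the group.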

Re: System Manager SAML with domain groups

Thanks for the answer.

This is what I've done. Is there any plan to add domain groups support anytime soon?
