Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey,
Is it possible/supported to use domain groups for SAML authentication?
user authentication works fine but there are many users involved so I prefer to configure it for domain groups.
thanks!
Solved! See The Solution
1 ACCEPTED SOLUTION
elic_co has accepted the solution
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Domain/Groups are not supported for a SAML-enabled cluster.
There is a KB article:
OnCommand System Manager authentication is not working with Active Directory Domain Groups
https://kb.netapp.com/app/answers/answer_view/a_id/1087129
Only workaround: Use CLI to add a domain "user" to the cluster, but without "domain\" prefix. I guess you have already tested this and it works for you.
Example: To add user 'test1' for http & ontapi capability:
::*> security login create -vserver <cluster_vserver> -user-or-group-name test1 -application http -authentication-method saml
::*> security login create -vserver <cluster_vserver> -user-or-group-name test1 -application ontapi -authentication-method saml
2 REPLIES 2
elic_co has accepted the solution
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Domain/Groups are not supported for a SAML-enabled cluster.
There is a KB article:
OnCommand System Manager authentication is not working with Active Directory Domain Groups
https://kb.netapp.com/app/answers/answer_view/a_id/1087129
Only workaround: Use CLI to add a domain "user" to the cluster, but without "domain\" prefix. I guess you have already tested this and it works for you.
Example: To add user 'test1' for http & ontapi capability:
::*> security login create -vserver <cluster_vserver> -user-or-group-name test1 -application http -authentication-method saml
::*> security login create -vserver <cluster_vserver> -user-or-group-name test1 -application ontapi -authentication-method saml
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thanks for the answer.
this is what i've done. is there any plan to add domain groups support anywhere soon?
