Is it possible/supported to use domain groups for SAML authentication?
user authentication works fine but there are many users involved so I prefer to configure it for domain groups.
See The Solution
Domain/Groups are not supported for a SAML-enabled cluster.
There is a KB article:
OnCommand System Manager authentication is not working with Active Directory Domain Groupshttps://kb.netapp.com/app/answers/answer_view/a_id/1087129
Only workaround: Use CLI to add a domain "user" to the cluster, but without "domain\" prefix. I guess you have already tested this and it works for you.
Example: To add user 'test1' for http & ontapi capability:::*> security login create -vserver <cluster_vserver> -user-or-group-name test1 -application http -authentication-method saml::*> security login create -vserver <cluster_vserver> -user-or-group-name test1 -application ontapi -authentication-method saml
View solution in original post
thanks for the answer.
this is what i've done. is there any plan to add domain groups support anywhere soon?