Is it possible/supported to use domain groups for SAML authentication?
user authentication works fine but there are many users involved so I prefer to configure it for domain groups.
See The Solution
Domain/Groups are not supported for a SAML-enabled cluster.
There is a KB article:
OnCommand System Manager authentication is not working with Active Directory Domain Groupshttps://kb.netapp.com/app/answers/answer_view/a_id/1087129
Only workaround: Use CLI to add a domain "user" to the cluster, but without "domain\" prefix. I guess you have already tested this and it works for you.
Example: To add user 'test1' for http & ontapi capability:::*> security login create -vserver <cluster_vserver> -user-or-group-name test1 -application http -authentication-method saml::*> security login create -vserver <cluster_vserver> -user-or-group-name test1 -application ontapi -authentication-method saml
View solution in original post
thanks for the answer.
this is what i've done. is there any plan to add domain groups support anywhere soon?
Live Chat, Watch Parties, and More!
Engage digitally throughout the sales process, from product discovery to conﬁguration, and handle all your post-purchase needs.