Upcoming Scheduled Maintenance
The NetApp Knowledge Base will be offline between Oct 26, 23:59 PDT and Oct 27, 02:59 PDT, for system maintenance and infrastructure updates. As a result, Elio and kb.netapp.com will be unavailable.

Tech ONTAP Blogs

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Tech ONTAP Blogs

IAM in BlueXP

MayankKatiyar
NetApp
NetApp
Wednesday
101 Views


IAM in BlueXP

IAM is a framework, a discipline, and a set of technologies that enable the right individuals
accessing the right resources at the right times for the right reasons is crucial.
On the BlueXP graphical user interface, we have designated a specific area for the administration of identity and access. With this function, you may manage who has access to the features and services farther down the line.

 
What is Identity Federation, and how does it work for BlueXP

Identity Federation is a phenomenon that is being used to access one application from another application using the same credentials. This setup creates a trust connection between BlueXP’s authentication service provider (auth0) and your own identity management provider.

The following image depicts how identity federation works with BlueXP:

MayankKatiyar_0-1729699542040.png

 

  1. A user enters their email address on the BlueXP login page.
  2. BlueXP identifies that the email domain is part of a federated connection and sends the authentication request to the identity provider using the trusted connection.

When you set up a federated connection, BlueXP always uses that federated connection for authentication.

  1. The user authenticates by using credentials from your corporate directory.
  2. Your identity provider authenticates the user’s identity, and the user is logged in to BlueXP.

BlueXP supports 3 different types of user accounts:

  1. Local User account: Users who register to BlueXP directly and access BlueXP.
  2. NSS Account: Users who are NetApp customers and access BlueXP.
  3. External IDP Federated Account: Users who are part of external IDP and access BlueXP via Federation.

 

While using BlueXP IAM, you'll manage the following components:

  • Organization: Your organization consists of folders, projects, members, roles, and resources.
  • Folders:folder enables you to group related projects together and separate them from other projects in your organization.
  • Projects: project represents a workspace in BlueXP that organization members access from the BlueXP canvas to manage resources.
  • Resources:resource is a working environment that you created or discovered in BlueXP.
  • Members: Members of your organization are user accounts or service accounts.
  • Roles and permissions: A role contains a set of permissions that enables a member to perform specific actions at a specific level of the resource hierarchy.
  • Connectors: BlueXP Connectors enable secure communication between your storage, services, hyperscalers, and BlueXP itself.

 

IAM Model in BlueXP
Enterprise administrators can use RBAC to implement fine-grained access controls on who can access what resources once they have structured them.

The resource hierarchy organizes NetApp resources such as CVO, ONTAP, FSXn, GCNV, and others into a tree-like structure. By using the constructs of folders and projects, customers can rapidly create the hierarchy using the BlueXP UI or the API.

When resources are organized in a hierarchy, it's easy for BlueXP Org admins to set permissions for BlueXP users at the folder or project level.

 

MayankKatiyar_1-1729699542048.png

 

 

At the top of the hierarchy is a business or organization. By arranging resources in folders, customers can more effectively organize them within an organization. A folder can represent a business unit or group within an organization (marketing vs. sales, etc.) or a location (e.g., us-east, us-west, EU, or APAC). Each customer may have up to eight different kinds of folders. You can use a folder as an optional structure to group NetApp resources together. The standard method that users use to organize their ONTAP resources is using the project structure, which is supported by us and can be accessed under the folder. A company could be working on several projects at once.

 

IAM Glance in BlueXP

If you click on the gear button on the right side of BlueXP's GUI, you can find the IAM tile (Identity and Access Management):

MayankKatiyar_2-1729699542051.png

 

 

 

The resource structure can be set up with the following folders and projects, each with its own name that can be changed to fit the needs of the ORG:



MayankKatiyar_3-1729699542054.jpeg


For more information, please go to the below URL:
 https://docs.netapp.com/us-en/bluexp-setup-admin/concept-identity-and-access-management.html

Announcements
All Community Forums
Public