IAM in NetApp Console
IAM is a framework, a discipline, and a set of technologies that enable the right individuals to access the right resources at the right times for the right reasons.
On the NetApp Console graphical user interface, a dedicated area is provided for identity and access administration. This functionality allows you to manage who has access to features and services throughout the system.
What is Identity Federation, and how does it work for NetApp Console
Identity federation enables access to one application from another using the same credentials. It establishes a trust connection between NetApp Console's authentication service provider (Auth0) and your identity management provider.
The process works as follows:
Identity Federation Flow in NetApp Console

- User Initiates Login: The user enters their email address on the NetApp Console login page.
- Federation Detection: NetApp Console detects that the email domain is part of a federated setup and redirects the authentication request to the configured identity provider (IdP).
- Authentication via IdP: The user authenticates with their corporate credentials directly with the IdP (e.g., Azure AD or Okta).
- Token Exchange and Access: The IdP validates the credentials and sends a token back to NetApp Console, which then grants access to the user.
NetApp Console supports three types of user accounts:
- Local User account: Users who register directly with NetApp Console.
- NSS Account: NetApp customers accessing NetApp Console.
- External IdP Federated Account: Users from external IdPs accessing NetApp Console via federation.
IAM Components in NetApp Console
While using the NetApp Console Identity and Access dashboard, you'll manage the following components:
- Organization: Consists of folders, projects, members, roles, and resources.
- Folders: Group related projects and separate them from others.
- Projects: Workspaces accessed from the NetApp Console canvas.
- Resources: Working environments created or discovered in NetApp Console.
- Members: User or service accounts.
- Roles and permissions: Define actions members can perform.
- Console agent: Enables secure communication between your storage, services, hyperscalers, and NetApp Console.

RBAC Model in NetApp Console
Enterprise administrators can use RBAC to implement fine-grained access controls. The resource hierarchy organizes NetApp resources such as CVO, ONTAP, FSXn, GCNV, and others into a tree-like structure. Using folders and projects, customers can rapidly create this hierarchy via the NetApp Console UI or API.

Permissions can be set at the folder or project level, simplifying access management. Folders can represent business units (e.g., marketing vs. sales) or locations (e.g., us-east, EU). Each customer may have up to eight folder types. Projects are the standard method for organizing ONTAP resources.
For more information, please visit:
https://docs.netapp.com/us-en/console-setup-admin/concept-identity-and-access-management.html
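The folder and project hierarchy described above, modeled as an added example for access reviews; it is not NetApp Console code and does not use its API. It assumes a role granted on a folder applies to every project and resource beneath it, and all node, member and role names are constructed.

```python
# Constructed sample hierarchy: organization -> folders -> projects -> resources.
# Maps each node to its parent; the organization ("org") is the root.
PARENT = {
    "folder:sales": "org",
    "folder:marketing": "org",
    "project:sales-us-east": "folder:sales",
    "project:sales-eu": "folder:sales",
    "project:mkt-web": "folder:marketing",
    "project:mkt-eu": "folder:marketing",
    "resource:cvo-01": "project:sales-us-east",
    "resource:ontap-07": "project:sales-eu",
    "resource:fsxn-02": "project:mkt-web",
    "resource:gcnv-03": "project:mkt-eu",
}

# (member, node, role): hypothetical roles granted at folder or project level.
ASSIGNMENTS = [
    ("alice", "folder:sales", "storage-admin"),
    ("bob", "project:sales-eu", "viewer"),
    ("carol", "project:mkt-web", "storage-admin"),
    ("svc-backup", "folder:marketing", "storage-admin"),
]

def ancestors(node):
    """Yield the node and every container above it, up to the organization."""
    while node is not None:
        yield node
        node = PARENT.get(node)

def effective_roles(member, resource):
    """Return (role, granted_at) pairs a member holds on a resource.
    Assumption: a grant on a container covers everything beneath it."""
    chain = set(ancestors(resource))
    return sorted((role, node) for m, node, role in ASSIGNMENTS
                  if m == member and node in chain)

def broad_grants(role, max_resources=1):
    """Access-review check: grants of `role` covering more than max_resources."""
    resources = [n for n in PARENT if n.startswith("resource:")]
    findings = []
    for member, node, granted in ASSIGNMENTS:
        covered = [r for r in resources if node in ancestors(r)]
        if granted == role and len(covered) > max_resources:
            findings.append((member, node, len(covered)))
    return sorted(findings)
```

Recording where each grant was made, rather than only the resulting access, lets a reviewer see which folder-level assignments to narrow to a single project.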
IAM at a Glance in NetApp Console
To reach IAM in the NetApp Console graphical user interface, click the hamburger icon on the left side of the screen. This reveals the Administration tile; click it to open a pane dedicated to Identity and Access management. Within this pane, you can organize your resources using folders and projects, allowing for a highly customizable structure tailored to your organization's specific needs. This setup facilitates efficient management and secure access control across your storage environment.

New Features in NetApp Console
NetApp Console has recently introduced powerful new features to enhance identity and access management:
Federation
This feature allows seamless integration with external identity providers, enabling users to access NetApp Console using their corporate credentials. It establishes a trust relationship between NetApp Console's authentication service and your organization's identity provider, streamlining user authentication and improving security.

For more information, please visit:
https://docs.netapp.com/us-en/console-setup-admin/concept-federation.html
Self-Service Partnership Feature
This feature empowers organizations to manage partnerships and access controls independently. Administrators can configure access permissions, onboard partners, and manage roles without requiring support intervention—accelerating collaboration and improving operational efficiency.

For more information, please visit:
https://docs.netapp.com/us-en/console-setup-admin/concept-org-partnerships.html