ONTAP 9 Manuals ( CA08871-402 )

Administrator authentication and RBAC workflow

You can enable authentication for local administrator accounts or remote administrator accounts. The account information for a local account resides on the storage system and the account information for a remote account resides elsewhere. Each account can have a predefined role or a custom role.

Administrator authentication and RBAC workflow

You can enable local administrator accounts to access an admin storage virtual machine (SVM) or a data SVM with the following types of authentication:

  • Password

  • SSH public key

  • SSL certificate

  • SSH multifactor authentication (MFA)

    Authentication with password and public key is supported.

You can enable remote administrator accounts to access an admin SVM or a data SVM with the following types of authentication:

  • Active Directory

  • SAML authentication (only for admin SVM)

    Security Assertion Markup Language (SAML) authentication can be used for accessing the admin SVM by using any of the following web services: Service Processor Infrastructure, ONTAP APIs, or ONTAP System Manager.

  • SSH MFA can be used for remote users on LDAP or NIS servers. Authentication with nsswitch and public key is supported.

Top of Page