Add directory server

To configure authentication for Access Management, you can establish communications between the storage array and an LDAP server, and then map the LDAP user groups to the array's predefined roles.

Before you begin

About this task

Adding a directory server is a two-step process. First you enter the domain name and URL. If your server uses a secure protocol, you must also upload a CA certificate for authentication if it is signed by a non-standard signing authority. If you have credentials for a bind account, you can also enter your user account name and password. Next, you map the LDAP server's user groups to the storage array's predefined roles.
Note: During the procedure to add an LDAP server, the legacy management interface will be disabled. The legacy management interface (SYMbol) is a method of communication between the storage array and the management client. When disabled, the storage array and management client use a more secure method of communication (REST API over https).
  1. Select Settings > Access Management .
  2. From the Directory Services tab, select Add Directory Server .
    The Add Directory Server dialog box opens.
  3. In the Server Settings tab, enter the credentials for the LDAP server.
  4. Click the Role Mapping tab.
  5. Assign LDAP groups to the predefined roles. A group can have multiple assigned roles.
    Note: The Monitor role is required for all users, including the administrator. System Manager will not operate correctly for any user without the Monitor role present.
  6. If desired, click Add another mapping to enter more group-to-role mappings.
  7. When you are finished with the mappings, click Add .
    The system performs a validation, making sure that the storage array and LDAP server can communicate. If an error message appears, check the credentials entered in the dialog box and re-enter the information if necessary.