Skip to main content
NetApp Stage KB

Understanding the SAML authentication workflow in AIQUM

Last Updated:

Applies to

  • Active IQ Unified Manager (AIQUM)
  • Security Assertion Markup Language (SAML)


The below example outlines the SAML workflow in Active IQ Unified Manager

  1. The administrator connects to Unified Manager (UM) web GUI.   
  2. UM looks up the configured IdP for the cluster.
  3. UM redirects the administrator’s browser to the IdP.
  4. The IdP prompts the administrator for credentials. The IdP is responsible for multiple authentication factors.
  5. The IdP verifies the administrator’s credentials in AD.
  6. The IdP issues a SAML assertion, and redirects the administrator’s web browser back to UM.
  7. UM processes the SAML assertion, and then looks up the authorization role from its internal database.
  8. The session is established and UM returns a SAML session token to the administrator’s web browser in the Set-Cookie header. From this point on, the administrator is allowed access to UM using a secure SAML token.


NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.