BlueXP Blog

Using Cloud Manager REST APIs with Federated Access

Written by Aviv Degani, Cloud Solutions Architecture Manager, NetApp | Apr 11, 2019 8:21:31 AM

NetApp Cloud Manager is the deployment and management tool for Cloud Volumes ONTAP, NetApp’s data management solution that provides protection, visibility, and control for your hybrid cloud-based workloads on AWS and Azure. One of the biggest benefits of using Cloud Manager is the ability to carry out all of its functions with RESTful API calls. This capability gives software developers a direct way to automate and orchestrate their cloud storage with NetApp.


There is an application programming interface (API) call for every action that is available from the user interface in Cloud Manager. These are essentially a way for developers to operate the Cloud Manager infrastructure as code instead of relying on manual work and the GUI.


In the video below, we’ll walk you through every step of configuring federated access for API calls for Cloud Manager and NetApp Cloud Central.

What Is Federated Access?

Federated access gives developers a way to access multiple domains both in and outside of the company’s domain, with no need to juggle between multiple sign-ins and identity management systems. With the decentralization of the data center and the rise of the cloud, this kind of access is more important in simplifying working processes without compromising security and access control.

What is the difference between federated access and SSO?

In enterprise environments with multiple teams, multiple users, and multiple systems it can be cumbersome to deal with so many logins. Single sign-on (SSO) is a single log-in process for a set of related tools within a single identity domain, i.e. the same enterprise organization. But what if you have to access domains outside of the in-house network? That’s where federated access comes in.


Federated access gives users a federated identity that allows them to access resources deployed in multiple identity domains, across separate enterprise organizations, that each have their own identity management systems. Federated access works based on a trust relationship between an authenticating party and the relying party, where the latter trusts the former to authenticate and authorize users on its behalf. Every domain manages its own passwords and credentials, without sending this information across to other domains or third parties for authentication.


Without federated access, users would have to switch between multiple SSOs, which kind of defeats the purpose of having a “single” sign-on. If you have applications spanning multiple domains, which is usually the case with hybrid and multicloud environments, federated access is required for seamless access to all of them.

Benefits of Federated Access

  • Fewer passwords to remember.
  • Faster access for the entire developer team.
  • Seamless access in multicloud and hybrid environments.
  • All passwords are managed by your IT team, not a third party.

Federated Access and API Calls

The use of APIs across SSO domains is only possible via with federated access. Federated access for NetApp’s API interfaces is possible through the use of access tokens. Users who log in using a federated user account can generate an access token and use this token to make API calls for authenticated endpoints of both for Cloud Manager and the NetApp Cloud Central orchestrator.

Configuring Federated Access for APIs in Cloud Manager

This video shows how to generate the refresh tokens that will make it possible for you to run API calls on Cloud Central and Cloud Manager.


Watch the video below to get step-by-step instructions on how to:


  • Log in and enter the My Services page on Cloud Central.
  • Access all the API documentation on Cloud Central for easy reference.
  • Authenticate your access to the API. There are two steps in this process, both of which will be explained:
    • How to generate Refresh Tokens for Cloud Central and for Cloud Manager, and
    • How to generate Access Tokens from Refresh Tokens.
  • Run an API call using the Access Token generated in the previous step.


As the video shows, this process applies for both Cloud Manager and NetApp Cloud Central. There’s also an important message about the different kind of audience type and client ID that might be needed to set up federated authentication.


To use NetApp’s API across SSO domains, you need to get federated access via access tokens. APIs benefit users by giving them access to all of the features of Cloud Manager and Cloud Volumes ONTAP via scripting and code. Federated access allows you to extend those infrastructure-as-code capabilities, making it easier for developers to manage and automate their virtual stacks and speed up the entire development process.


You can find out more about using APIs for Cloud Manager, Cloud Volumes ONTAP, and all of NetApp’s products in the API documentation here.