Overview
The Nasuni Portal (portal.nasuni.com) replaces the existing account.nasuni.com website, offering Nasuni customers a managed Software-as-a-Service platform that retains all the current functionalities of account.nasuni.com. Customers can continue to access features such as:
Nasuni software downloads
Serial Numbers and Authorization Codes (Auth Codes)
Configuring cloud and appliance services
Additionally, the Nasuni Portal supports APIs for all UI functions and emphasizes security with features like:
Granular roles and permissions
Activity Logs for all changes made through the UI and API
Terminology
Nasuni terminology is available in the Nasuni Glossary.
Sign in Page
To ensure secure access to the Portal, Nasuni offers multiple authentication methods to suit an organization’s needs. Users can sign in via Single Sign-On (SSO), which integrates seamlessly with their existing identity provider for streamlined access management. Password authentication is also available for the Nasuni-provisioned administrator account.
.png)
Note: The Nasuni Portal inherits the existing customer accounts and their SSO configurations from the NOC UI (account.nasuni.com). Customers can use their NOC UI (account.nasuni.com) login credentials (SSO, or email address and password) to sign in to the Nasuni Portal.
There are two methods of signing in to the Portal:
Nasuni-registered email and password. This is only available for the Nasuni-provisioned administrator account. Nasuni only supports one built-in account per customer.
Single Sign-On (SSO).
On successful login, you are redirected to the Portal Home page. If the login fails, an error message appears, indicating a problem with the login.
Signing in using the Nasuni Account (email and password)
To sign in with email and password, follow these steps:
Enter the Nasuni-registered Email address and Password.
Click Sign in.
Note: Nasuni enforces multi-factor authentication (MFA) for the Nasuni-provisioned administrator account for security reasons. New customers must enable MFA for their Nasuni-registered accounts before accessing Nasuni Portal. You can also manually enable MFA for your company’s account.
Signing in using Single Sign-On (SSO)
For SSO-configured accounts, users can sign in using SSO.
To sign in with SSO, follow these steps:
Enter the Company name established for your organization for Portal SSO.
For example, an Acme employee would use “Acme”. This name is not case-sensitive.
Click Sign in with SSO. You are redirected to your SSO Identity Provider to authenticate.
As a convenience, you do not have to enter the Company name with every login. The Company name can be embedded into a bookmarked URL, such as: https://portal.nasuni.com/account/login/?name=Acme
Resetting password for Nasuni-registered account
If you forget your password, you can reset it.
To reset your password, follow these steps:
Click “Forgot Password?” above the Sign in button.
Enter the email address associated with your Portal account.
Click “Begin Password Reset”.
Look for an email from Nasuni containing instructions to reset your password.
Open the email and click the provided URL. This takes you to the Portal Password reset page.
On the Password Reset page, create a new password following the required criteria for secure passwords:
Your password cannot be similar to other personal information.
Your password must contain at least 8 characters.
Your password cannot be a commonly used password.
Your password must not consist of a single repeated letter or contain sequences of 4 or more sequential characters.
Your password cannot be the same as any of your last 10 passwords.
Tips for Resetting Your Password
If you cannot find the email with instructions for resetting your password in your main inbox, check your “Other” or spam folder.
When setting your new password, make sure to carefully read the new password criteria so you can address all the requirements on your first try.
Home Page
The Home page is your central entry point to your Nasuni Portal. The Home page provides quick access to commonly visited pages such as the Installs, Serial Numbers, and Account Settings pages.
You can also navigate to Cloud Services and Appliance Services to manage different services, such as the Analytics Connector, File IQ, and S3 Edge.
.png)
Installs
The Installs page is where you can find all available Nasuni software for installation. On the Home page, click Install Software.
Software for all available appliances can be downloaded or launched from relevant cloud marketplaces, including:
Nasuni Edge
Nasuni Management Console (NMC)
File IQ
Nasuni Access Anywhere (NAA)
UniFS as a Service (UaaS)
You can use the appliance filters at the top of the page to search quickly.
Nasuni appliances support multiple platforms, including on-premises and cloud hypervisors.
On-premises hypervisors include:
VMware ESXi
Microsoft Hyper-V
Nutanix AHV
Scale Computing
Cloud hypervisors include:
Microsoft Azure
Amazon Web Services (AWS) EC2
Google Cloud Platform (GCP)
Nasuni Access Anywhere (NAA) supports the following platforms:
VMware ESXi
Microsoft Hyper-V
Linux KVM
Installing Nasuni software
Use the following steps to install Nasuni software:
Select the appliance type and preferred platform.
Download the appropriate software version. Nasuni supports N-2 versions, namely, the current version and the two previous versions.
For cloud hypervisors, you can install Nasuni software directly from the cloud provider’s marketplace.For successful installation, ensure the virtual machine meets the minimum resource requirements listed.
For more details, refer to the Compatibility and Support document.
Tips for getting the most from the Installs page
Check system requirements: Always review the minimum system requirements (such as disk space and memory) to ensure compatibility with your infrastructure.
Select Software versions: Pay attention to available versions and updates to ensure you are downloading an appropriate version. For new installations, use the most recent version. For disaster recovery, use the same or later version.
Serial Numbers
Serial numbers are unique identifiers used to provision, manage, and recover a Nasuni appliance. On the Home page, click Manage Serial Numbers.
Using the Serial Numbers page, you can perform the following actions:
Activate new serial numbers to install an appliance.
View existing serial numbers used by an appliance.
Decommission appliances.
Perform disaster recovery on appliances.
Serial numbers are grouped by product type. Using the appliance type tabs (such as Nasuni Edge), you can explore different sections to locate a serial number.
Alternatively, the search box helps you find serial numbers even faster. You can search by:
Description
Version
Serial number
Note: If your search returns no results, you see a “No results found” message. To try a new search, delete your initial query by clicking the X icon and start again.
If you want additional serial numbers for existing products or to license new products, contact your Nasuni Account Manager. Alternatively, click “Ask for more”, then click Account Manager.
Activating a new Serial Number
If you are activating a new Serial Number (for Nasuni Access Anywhere, see below), follow these steps:
Click ‘Activate New Serial Number’.
The ‘Activate New Serial Number’ pane appears.
On the ‘Activate New Serial Number’ pane, click ‘Select Appliance Type’, then select the appliance type from the drop-down menu.
Copy the Serial Number and the Auth Code.
Deploy a new appliance, as selected.
During the installation wizard, enter the Serial Number and Auth Code when prompted.
After an Auth Code is used, that Auth Code cannot be reused. If needed, you can regenerate Auth Codes associated with the Serial Number.
Note: If you are activating several appliances, be patient because the system might take some time to pair the new serial numbers, especially if you are working with a large number of appliances.
Nasuni Access Anywhere (NAA) Serial Numbers
Nasuni Access Anywhere Serial Numbers are pre-configured with a Description, a set of FQDNs, and a limit on the number of users. Regardless of their status, all pre-configured NAA Serial Numbers are always listed under the NAA product. 
Note: To adjust the configured FQDNs or to change the user limit, contact your Nasuni Account Manager.
In addition to the Description, Version, and Serial Number, the table also includes Status and FQDN for NAA serial numbers. If multiple FQDNs are configured for an NAA serial number, the total number is displayed next to the FQDN.
Hover over or click the number to display a list of all FQDNs in a window.
Decommissioning an appliance
Decommissioning an appliance releases its serial number for reuse. Appliances that own active volumes cannot be decommissioned. You must delete all owned volumes to decommission an appliance.
WARNING: Decommissioning an appliance is irreversible. After an appliance is decommissioned, there is no way to recover it or perform a disaster recovery on it.
Double-check that you no longer need any data from the appliance before decommissioning, because this action cannot be undone.
To decommission an appliance, follow these steps:
For the appliance you want to decommission, select Decommission from the row action menu (3-dot menu) for that appliance.
The Decommission dialog box appears.
To confirm the destructive action, type ‘Decommission Appliance’ in the input field and click Decommission.
The selected appliance is decommissioned.
Appliances that cannot be decommissioned
For appliances that own active volumes and cannot be decommissioned, you must delete all the appliance’s owned volumes before decommissioning the appliance. Attempting to decommission appliances with active volumes results in an error. This error message includes the appliance description, the reasons it cannot be decommissioned, and a list of active volumes owned by the appliance.
To proceed with the decommissioning, follow these steps:
Check for an error message, which can include an appliance description, reasons, and the number of active volumes.
Using the NMC, delete all owned volumes.
Retry the decommissioning process.
Performing a recovery procedure
Note: Although this is often called a “disaster recovery” (or DR), usually the recovery procedure is not due to a disaster, but due to changing platforms or other planned changes.
To perform a recovery procedure, you need a replacement appliance. You can install a new appliance from the Portal-Install page.
Note: Ensure that the replacement appliance has connectivity to the NOC and your cloud object stores.
To perform a recovery procedure, follow these steps:
From the row action menu (3-dot menu), select Perform Disaster Recovery.
The Perform Disaster Recovery pane appears.
Review the information on Perform Disaster Recovery pane, including the following:
Description
Version
Supported recovery software versions
Serial number
Auth code
Click Regenerate.
Within the new appliance installation wizard, input the serial number and the regenerated auth code to recover the appliance. The appliance detects that you are performing a disaster recovery and walks you through the remaining steps.
Tip: To ensure a successful recovery, verify the supported recovery versions before initiating the recovery. You can use the same or later appliance versions for a recovery.
Performing a recovery for NAA appliances
For customers performing a recovery for an NAA appliance, follow these steps:
From the Serial Numbers page, select Nasuni Access Anywhere from the appliance type tabs to view activated NAA appliances.
Select an NAA appliance and click the action menu (3-dot menu) to open the Perform Disaster Recovery pane.
Within the pane, click Regenerate and wait for the new NAA Serial Number to be generated.
Cloud Services
Analytics Connector (NAC)
The Nasuni Analytics Connector (NAC) enables customers to extract more value from their unstructured and semi-structured data stored with Nasuni in third-party cloud storage. It enables greater use of cloud-native Business Intelligence, Search, and Analytics tools provided by AWS and Azure, and to analyze images, videos, documents, and other files.
For more specific information on Analytics Connector, depending on the cloud provider your business uses, see Analytics Connector - Azure or Analytics Connector - AWS.
To use Analytics Connector, you need a license key. This key controls the ability to export data from your Nasuni account. To avoid misuse, keep the license key confidential and only share it with administrators who are allowed to use the Analytics Connector.
Use the following steps to generate a license key:
Navigate to Cloud Services → Analytics Connector.
To create a new license key, click Generate.
Select the Cloud Provider from the drop-down list.
Nasuni Analytics Connector can be used with AWS and Azure.To run the Analytics Connector in AWS, enter a comma-separated list of AWS Account IDs.
Click Launch to complete the setup using the Nasuni Analytics Connector site (Nasuni Analytics Connector).
UniFS as a Service (UaaS)
UniFS as a Service (UaaS) is a Nasuni platform, hosted in a public cloud, that can perform operations directly on the UniFS file system. UaaS provides a set of scalable, portable cloud services, deployed within a customer’s cloud tenancy, that interact with UniFS volumes.
Any Nasuni volume backed by Amazon S3 or Microsoft Azure Blob Storage can be registered with UaaS.
Note: The UaaS service can run in a different cloud from the backing data store.
Tip: If you are getting ready to start and deploy, visit the prerequisite information page.
If you are licensed for UaaS, you can access the Cloud Services → UniFS as a Service page to view the following information:
Stack Name
Provider
Region
Build
Created (Timestamp)
Last Used (Timestamp)
Snapshot Retention as a Service (SRaaS)
Snapshot Retention as a Service (SRaaS ) leverages UniFS as a Service (UaaS) to enforce the configured Snapshot Retention (SR) policy for a volume. SRaaS moves resource-intensive portions of the Snapshot Retention process from the Edge to the cloud service.
If an existing UaaS stack is used for running SRaaS, you can view SRaaS job details by clicking on the Stack name:
Click the Stack name to view Snapshot Retention job details.
View the Following Information:
Volume Name
Start Time
End Time
Error Count
Objects Deleted
Bytes Deleted
If you do not have UniFS as a Service stacks configured, the Portal prompts you to deploy UaaS from the Installs page.
Global File Acceleration API Keys
Nasuni Global File Acceleration (GFA), a component of the Nasuni File Data Platform, accelerates file synchronization across cloud regions or on-premises locations, helping customers to improve file sharing collaboration and optimize workforce productivity.
To learn more about GFA, see Global File Acceleration.
For a GFA-enabled volume, you can monitor data protection and propagation details using open-source Nasuni Grafana Dashboards. These dashboards use the GFA Telemetry API.
The GFA Telemetry API requires a key for authentication.
Creating a GFA API key
To create a GFA API Key, follow these steps:
Navigate to Cloud Services → Global File Acceleration API Keys.
Click Generate API Key.
After an API key has been successfully created, it is displayed on the page, along with Created and Last Used timestamps.
Note: You can generate additional API keys by clicking Generate API Key.
Deleting a GFA API key
You can delete an existing key by clicking the delete icon:
Click the Delete icon next to the API key you want to delete.
The ‘Delete GFA API Key’ dialog box appears.
Complete the destructive action by typing “Delete API Key” in the input field.
Click Delete.
Appliance Services
S3 Edge configuration
Nasuni S3 Edge is a solution for enabling S3 protocol access to UniFS volumes. Nasuni S3 Edge integrates the S3 protocol into the Nasuni Edge Appliance (NEA) in order to support your goals, particularly around write performance. Nasuni S3 Edge is implemented as a new web service that provides an S3 interface concentrating on write throughput.
Version Compatibility: S3 Edge protocol is supported on Edge version 9.14.5 or later.
Volume Type Compatibility: S3 Edge protocol is supported on NTFS Exclusive or Public mode volumes.
To configure existing volumes for communication via the S3 protocol, follow these steps:
Navigate to Appliance Services → S3 Edge Configuration.
.png)
Select “S3 Edge Configuration”.
Enter your S3 Edge configuration settings.
To help follow correct JSON syntax, you can copy the provided Example Configuration (drop-down field) and paste into the free-form field below.
Make sure to configure at least one S3 bucket, which is characterized by the following key pairs in JSON format:
Name - Name of the S3 bucket that shows up in an S3 client when connecting to the S3 Edge service.
Path - Location of where the S3 bucket points to for a given volume, which can be at the root or sub-directory level.
Volume - Exact name of the volume that you want to configure the S3 protocol on.
Make sure to configure at least one S3 user key to access any configured S3 buckets, which is characterized by the following key pairs in JSON format:
Name - Name of the key for internal configuration purposes, which is not seen by end users.
Access - The “username” utilized by end users in their S3 client to connect to the S3 Edge service and configure S3 buckets.
Secret - The “password” utilized by end users in their S3 client to connect to the S3 Edge service and configure S3 buckets.
Click Save.
Tip: Double-check your S3 Edge configuration settings after saving, and copy the configuration to your local computer, because changes can affect user access. To make adjustments, you can always edit, save, or delete the S3 Edge Configuration at any time as needed.
Note: Nasuni automatically saves the S3 Edge configuration for you in the field when you navigate back to the page, except for any “secret” values, which are replaced with “<redacted>” text. If any changes are made, any “<redacted>” text must be replaced as well for new configurations to go through successfully.
Note: Any changes made to your S3 Edge Configuration can take up to an hour to take effect normally, unless the license is refreshed manually using the NMC (Filers → Filer Services → Refresh License).
S3 Edge Service
The S3 Edge Service page enables you to choose which appliances in your account have S3 protocol enabled for end user access. The S3 Edge service is disabled by default for all appliances, to optimize resources on the Edge.
To enable or disable S3 Edge Service for your Edge appliances, follow these steps:
Navigate to Appliance Services → S3 Edge Configuration → S3 Edge Service tab.
Select the Edge Appliances you want to enable or disable.
You can use the Search bar to search for specific Edge Appliances by their name.Click Enable/Disable and choose Enable or Disable from the drop-down list for the selected appliances.
Note: Any changes made to your S3 Edge Service can take up to an hour to take effect normally unless the license is refreshed manually using the NMC (Filers → Filer Services → Refresh License).
File IQ configuration
Nasuni File IQ (NFIQ) provides enhanced visibility and insights into user activities and consumption, as well as proactive data management capabilities to anticipate storage needs.
Prerequisite: An installed File IQ appliance is required to configure the File IQ service.
From the Installs page, download and install a Nasuni File IQ appliance.
From the Serial Numbers page, activate a new Nasuni File IQ serial number. Enter the serial number and auth code when prompted on the File IQ installation wizard.
Refer to the File IQ Configuration Guide to complete the setup for File IQ: Azure | AWS EC2 | Google.
After installing your File IQ appliance and connecting the intended volume, you can manage your volume scans by enabling or disabling the File IQ service from the Portal.
File IQ Service Tab
The File IQ Service running on the File IQ appliance scans connected volumes and processes file system events to generate insights.
The Event Sources column shows the number of Edges assigned to the File IQ appliance to forward file system events. Visit the Edge tab to manage assignments.
For cost and operational reasons, you can enable or disable the File IQ service. By default, the File IQ service is disabled on the File IQ Appliance.
Edge Tab
The File IQ service running on the Edge forwards file system events to the assigned File IQ appliance for data visualization and analysis. Assignment should be based on the volume connection.
Managing File IQ assignment
To manage the File IQ assignment, follow these steps:
Navigate to Appliance Services → File IQ Configuration → Edge tab.
.png)
Select the Edges to update.
Select the File IQ destination where you want the file system events to be forwarded.
To complete setup, click Connect to File IQ.
You can start and stop forwarding file system events to the File IQ appliance.
Click on the Edges, then select Enable or Disable from the drop-down menu.
Note: Multiple Edges can be assigned to a single File IQ appliance.
Activity Logs Page
The Nasuni Portal maintains an audit trail to monitor changes made by users, for security and compliance purposes. This feature enables administrators to track critical actions in the system, ensuring visibility into how users interact with the Portal.
To access Activity Logs from anywhere in the Portal, click your avatar in the top right to open the menu options.
Activity Logs capture what changed in the environment, who performed the change, when the change took place, and more. Activity logs are captured by default and cannot be disabled.
.png)
In the UI, a subset of the captured details is listed for quick assessment:
Date Time: Time when the event took place.
Events are listed in chronological order.
Events: What occurred.
Initiated By:
User who made the update.
Service API Key used for the update.
Target: Appliance Type, such as Portal, Edge, or File IQ.
Target Description: The appliance name associated with the change.
You can view additional change details by clicking on an event.
ID: Unique event identifier.
Timestamp: Time when the event took place.
Event: Change category.
User: User who initiated the change.
Target: Appliance Type, such as Portal, Edge, or File IQ.
Target Description: Appliance name associated with the change.
Source: UI or API.
Source IP: Client IP address.
Search and Filter
Activity logs support searching and filtering for all events.
.png)
Search: Using the search field, you can find events by event type, user name, or target description.
Filters: You can use multiple filters to narrow your results
From Date
To Date
Event
User
Target
Note: Clicking the search/filter icon to the left of the Search box shows or hides the left panel, providing extra space to display activity logs.
Tip: Use multiple filters at once to refine your search results even further. For example, you can combine date ranges with specific event types or users to quickly find the exact activity you are looking for.
Exporting Activity Logs
The Portal can export activity logs via CSV downloads and API requests. Along with the details presented in the UI, exported logs contain additional details on user roles and permissions and change details, depending on the action performed.
In case the changes were performed using a service key, service key details and associated permissions are captured in the logs.
In the UI, you can export the CSV logs using the ‘Download as CSV’ button.
Tip: To narrow down your logs before downloading, use the date range filter, making it easier to focus on specific periods and avoid downloading unnecessary data.
Log Retention
Nasuni retains 365 days of Portal activity logs. Older events are deleted from the system.
Note: Legacy activity log events from actions performed using account.nasuni.com are available upon request.
Tip: To retain logs longer than 365 days, use the Portal APIs or the UI to export activity logs before they expire.
Account Settings Page
On the Account Settings page, you can manage general and security configurations.
General
Update your basic account details and preferences.
Account Information
Under Account Information, you can do the following:
View and edit Contact Details.
Update Email Address.
Change Password.
Roles and Permissions
Nasuni Portal supports Role-Based Access Control (RBAC). With RBAC, you can create custom roles that have only the necessary permissions to view and/or edit specific features. You can also limit sensitive actions—such as decommissioning an appliance or managing service keys—to authorized users only, helping to maintain regulatory compliance.
For quick start-up and onboarding, Nasuni also supports the following preset roles:
Account Owner: This role is assigned to the native user only (signing in using email ID and password).
By default, all permissions are enabled for the Account Owner role.
Apart from the Account Owner role, which is mapped to the native user, all other roles need an SSO Group association.
Super User: A role that provides view and edit access to all products and features. This role is not editable.
Read-Only: This role provides view-only access to all products and features. Users assigned to this role cannot configure or update anything on the Portal. This role is not editable.
SSO Default: A baseline role that grants a set of permissions to any logged-all SSO users when they log in.
If an SSO user with a matching SSO Group is not part of any group mapped to a role, they receive only the SSO Default permissions.
If an SSO user is part of one or more groups mapped to roles, they receive SSO Default permissions plus all permissions from those roles.
By default, no permissions are enabled for this role.
For the SSO Default role, Portal inherits the existing permissions from the NOC UI (account.nasuni.com).
Tip: For a better security posture, you can disable all permissions for the Account Owner role after SSO is configured for the account. This forces all users to use SSO credentials to log into Nasuni Portal.
Custom Roles
Nasuni Portal also supports custom roles where admins with IAM permissions can create new roles with finer permissions and edit existing ones. 
To create a new role, follow these steps:
Navigate to the Account Settings → Roles and Permissions tab.
Click “New Role”.
Enter the Name (required) for the new role.
Add the ‘Associate SSO Groups’ for the role.
Search for, or scroll through, permissions you want to grant access to.
Permissions are grouped by categories. You can also filter by category.Activate/Deactivate the intended permissions.
You can activate/deactivate all permissions for a category.Review your changes.
Click Save to create the new role.
Editing an existing role
From the Roles and Permissions page, follow these steps:
Select a role you want to edit.
Click Edit.
Update the permissions set.
Save your changes.
Deleting or Duplicating a Role
Select the Role you want to delete or duplicate.
Click the three-dot menu (…) next to the role.
Click the Delete icon.
Confirm deletion by typing “Delete Role”.
Security
Review and adjust your security settings to protect your account.
Multi-Factor Authentication (MFA) for Account Owner
Enabling multi-factor authentication (MFA) for the account owner (native user) adds an extra layer of protection to your Nasuni Account. MFA requires a second verification step, such as an authenticator app, ensuring that your Nasuni account stays secure even if your password is compromised. MFA only applies to the Nasuni Account. For SSO accounts, MFA must be configured using the customer’s Identity Provider (IdP).
Enabling MFA for the Account Owner
To enable MFA for the Account Owner, follow these steps:
Go to <Your Avatar> → Account Settings → Multi-Factor Authentication.
Enable MFA using the toggle.
.png)
To generate a one-time code, scan the QR code using your preferred authenticator app (such as (Google Authenticator, Microsoft Authenticator, or Okta Verify).
On the Multi-Factor Authentication Page, enter the generated 6-digit code from your authenticator app.
Click Validate.
If the authentication is successful, you are allowed to proceed to the Portal home page. Subsequent login attempts with registered email and password prompt you for an MFA token.
If the authentication is unsuccessful, you can rescan the QR code and request a new one-time code.
Note: MFA cannot be disabled after it is enabled. To reset MFA or temporarily disable it, contact Nasuni Support.
For security reasons, Nasuni requires new customers to enable MFA before they are granted access to any other pages.
Enabling MFA for New Customers
For security reasons, Nasuni requires new customers to enable MFA before they are granted access to any other pages.
To enable MFA for New Customers, follow these steps:
Visit portal.nasuni.com and sign in to the Portal using your new Nasuni credentials.
After successfully signing in to the Portal, you are prompted to scan a QR code using your preferred authenticator app (Google Authenticator, Microsoft Authenticator, Okta Verify) to generate a one-time code.
On the Multi-Factor Authentication Page, enter the generated 6-digit code from your authenticator app.
Click Validate.
If the authentication is successful, you are allowed to proceed to the Portal home page. Subsequent login attempts with registered email and password prompt you for an MFA token.
If the authentication is unsuccessful, you can rescan the QR code and request a new one-time code.
Note: MFA cannot be disabled after it is enabled. To reset MFA or temporarily disable it, contact Nasuni Support.
For security reasons, Nasuni requires new customers to enable MFA before they are granted access to any other pages.
Single Sign-On (SSO) Authentication
Nasuni supports Single Sign-On (SSO) for a seamless login experience for admins, stronger access control, and visibility. Using SSO, you can leverage our granular permissions and enforce role-based access.
The Administrator can set up SSO for their company in the Portal with several different methods.
Configuring SSO for Portal using Okta
To configure SSO for Portal using Okta, follow these steps:
In Okta, create an App for Portal with the following parameters:
Sign-in method: OIDC – OpenID Connect
Application type: Web Application
Login initiated by: Either Okta or App
Sign-in redirect URI(s):
Initiate login URI:
Assign the users or groups that can log into Portal.
If using group/roles, set an appropriate Groups claim expression and a claim for an ID Token with Userinfo / id_token request.
After Step 1 is completed, you can sign in to portal.nasuni.com using your Account Owner credentials.
Navigate to <Your Avatar> → Account Settings → Single Sign-On tab under Security.
Fill in the following details:
Company Name
SSO Provider: Okta
Enter Client ID from the Okta Portal app.
Enter Client Secret from the Okta Portal app.
Key Details - Key details in an SSO setup include the following:
Identity Provider (IdP) configuration
Service Provider (SP) settings
SAML endpoints (login URL, logout URL)
authentication method (such as SAML)
encryption certificates
user attribute mapping
Click ‘Save and Verify’.
Note: Changes to SSO configurations are always verified. To verify, you are prompted to authenticate using the save SSO configuration.
Configuring SSO for Portal using Microsoft Azure AD
To configure OktaSSO for Portal using Microsoft Azure AD, follow these steps:
In Azure AD, create an app for Portal with the following parameters:
Web type Redirect URIs:
Assign the users or groups that can log into the NOC.
To create this app, follow these steps:
Log in to portal.azure.com.
In the Azure portal, on the left navigation panel, click Microsoft Entra ID.
On the + Add tab, click App registration.
.png)
On the Register an application panel, enter the following information:
* Name: This is a user-facing display name for this app. You might include information such as “Portal”, “SSO”, the company, the department, or the date. Users of your app might see the display name when they use the app. You can change the display name at any time.* Supported account types: Select “Accounts in this organizational directory only”.
* Redirect URI (optional): Use the redirect URIs from above:
e. Click Register. This completes the initial app registration.
Note: To add multiple URIs to a new or existing app registration, you must find the registered app and add other URIs, using these steps:
In the Search field, type and select “App registrations”.
Select your registered application, such as “Portal-SSO-2025”.
Under the Manage section, click Authentication.
In the Redirect URIs section, you can add multiple URIs. Click Add URI and input the additional URI you need. After adding the URIs, click Save.
f. When the registration finishes, the Azure portal displays the app registration’s Overview pane.
g. Copy the Application (client) ID.
h. Copy the Directory (tenant) ID.
i. In the left column, click Certificates & secrets. The Certificates & secrets page appears.
j. Click New Client Secret.
i. Enter a Description for this secret, such as “Portal SSO secret 2024”.
ii. From the Expires drop-down list, select when the secret expires, such as 24 months.
iii. Click Add. The new secret is created and appears in the list of Client secrets.
k. From the list of Client secrets, copy the Value.
l. In the left column, click API Permissions. The API Permissions page appears.
m. Add the 5 displayed API Permissions for Microsoft Graph, then click “Grant admin consent for <organization>”.
n. Navigate to the “Users and groups” page.
o. Add the required users and groups in your organization whom you want to give access to the Portal.
p. If you do not give full consent to a user and group, when they attempt to log in to the Portal using SSO, they might see a dialog box such as this.
q. If this happens, select “Consent on behalf of your organization” and click Accept.
Log in to portal.nasuni.com using the Account Owner credentials.
Navigate to <Your Avatar> → Account Settings → Single Sign-On tab under Security.
Fill in the following details:
• Company Name.• SSO Provider: Microsoft.
• Client ID: Enter the Application (client) ID.
• Enter the Client Secret.
• Key Details - Key details in an SSO setup include the following: Identity Provider (IdP) configuration, Service Provider (SP) settings, SAML endpoints (login URL, logout URL), authentication method (such as SAML), encryption certificates, and user attribute mapping.
Click ‘Save and Verify’.
Changes to SSO configurations are always verified. To verify, you are prompted to authenticate using the save SSO configuration.
SSO Authentication
The Administrator can set up SSO for their company in the Portal by navigating to Account Settings and selecting “Single Sign-On” from the Options menu.
To configure Single Sign-On, follow these steps:
Navigate to <Your Avatar> → Account Settings → Single Sign-On tab under Security
Fill in the following details:
Company Name.
SSO Provider: Select either Okta or Microsoft Entra ID.
Client ID.
Client Secret.
Key Details - Key details in an SSO setup include the following: Identity Provider (IdP) configuration, Service Provider (SP) settings, SAML endpoints (login URL, logout URL), authentication method (such as SAML), encryption certificates, and user attribute mapping.
Click ‘Save and Verify’.
Changes to SSO configurations are always verified. To verify, you are prompted to authenticate using the save SSO configuration.
Note: To configure Okta or Microsoft Auth, see Single Sign-On (SSO) for NOC Accounts.
Note: Key details in an SSO setup include the following: Identity Provider (IdP) configuration, Service Provider (SP) settings, SAML endpoints (login URL, logout URL), authentication method (such as SAML), encryption certificates, and user attribute mapping.
API Key Management
Nasuni supports two different authentication mechanisms to use and take advantage of the Portal’s APIs. It allows Nasuni Admins to create Service Keys and User Keys.
Service Keys: A long-lived API key that does not expire, used for machine-to-machine authentication. Service keys can be associated with specific roles and permissions for granular access control, ensuring secure and scoped access to APIs.
Expiration: Service Keys do not expire. Admins can delete and rotate Service Keys.
User Keys: A short-lived authentication token issued to a logged-in user. User tokens inherit the user’s permissions and provide access based on their assigned roles. These keys can be used for user-driven API interactions.
Expiration: User keys expire after 8 hours. After expiration, User Keys are cleared from the UI.
Starting with API Key management
To start with API Key management, follow these steps:
Click your avatar on the upper right of the Portal page.
Select Account Settings.
Under Security, click API Key Management.
Service Keys
Service Keys are tied to existing roles and permissions. For tighter security and auditing, you can create API-specific roles with restrictive permissions.
The Portal makes it easy to create Service Keys. To get started:
Click Create a User Key.
In the pane that opens, enter a Key Name (such as “ACME Corp API”).
Select as many roles as applicable from the role selection list.
Click Create.
Copy the Key and Secret generated by the Portal.
Note: Save the Secret somewhere safe and accessible. For security reasons, you cannot view it again. If you lose this Secret, you must generate a new Service Key.
The following Service Key details are captured in the table:
Key Name
Key Value
Secrets are only shown once at the time of key creation and cannot be recovered.Roles: List of assigned roles to the API key.
Date Created: Timestamp of when the API key was created
Last Accessed: Timestamp of when the API key was last used.
Copying, Editing, or Revoking a Service key
Revoking a User Key immediately blocks subsequent API calls made using that key.
The Portal allows you to copy, edit, or revoke any Service Key. To get started:
Click on the three-dot (…) menu option next to the Service Key.
Select Copy key, Edit, or Revoke
User Keys
Similar to Service Keys, you can easily generate User Keys for user-level API access. To get started:
Under User Keys, click “Create User Key”.
Click Create.
Copying or revoking a User Key
Users who generate their user keys can also revoke them. Nasuni admins with ‘Delete User API Keys’ permission can delete other user’s API keys.
Revoking a User Key immediately blocks subsequent API calls made using that key.
The Portal allows you to copy or revoke User Keys. To get started:
Click the three-dot (…) menu option next to the User Key.
Select Copy or Revoke.
Nasuni Customer Academy
The Nasuni Customer Academy contains computer-based trainings and video resources for Nasuni products. Self-paced courses are organized in modules that include comprehensive, technical reference materials that support product use, configuration, and troubleshooting. Brief individual task-based videos explain concepts and quickly walk users through step-by-step instructions. New courses are added frequently and are made available to registered users immediately upon release. For more information, click here.
.png)
Registration is simple and only requires your name, email address, and job title. You will need to create a password as the Customer Academy does not share credentials with the Portal. Save your password to be automatically signed in upon return. Register and log in here.
.png)
FAQs
What features are available in the Nasuni Portal?
The Nasuni Portal offers all the functionalities of the previous account.nasuni.com website, including:
Downloading Nasuni Software
Managing Serial Numbers
Configuring Cloud and Appliance Services
What security features are included in the Nasuni Portal?
The Nasuni Portal emphasizes security with features like:
Role-based access control (RBAC), including granular roles and permissions.
Activity Logs for tracking all changes made through the UI and API
SSO Integration
MFA support for the Nasuni account.
What authentication methods are available for logging into the Nasuni Portal?
Users can log into the Nasuni Portal using either:
Single Sign-On (SSO), which integrates with your existing identity provider for easy access.
Email and password authentication for the built-in Nasuni account. We recommend configuring MFA for the Nasuni-provided admin account.