Two-Factor Authentication

Two-factor authentication provides an extra level of security for the Oracle® Enterprise Session Border Controller (E-SBC) by requiring users to enter a Passcode during login, in addition to their Username and Password credentials. Two-factor authentication applies to the Super User for both local and SSH login to the ACLI, and for HTTPS login to the Web GUI.

The two-factor authentication option requires that the Admin Security feature be provisioned. To enable the option, set login-auth-method to "two-factor" and save the configuration. After you set "two-factor" and save the configuration, the E-SBC prompts you to set the Passcode.

The following illustrations show the user login experience on the Web GUI after you enable two-factor authentication.

[Image: screen capture of the user login dialog, showing the passcode field that displays when you enable two-factor authentication.]

[Image: screen capture of what the system calls the previous login confirmation screen, which displays after the user enters the correct login information.]

Passcodes must conform to the length and strength requirements specified in "Enable Two-Factor Authentication."

When you want to change the Passcode in the future, use the secret command that you also use for changing the Username and Password.

You can enable two-factor authentication only from the ACLI.

Two-factor authentication does not support RADIUS, TACACS, or HTTP.

Enable Two-Factor Authentication

To enable two-factor authentication for local or SSH login, you must set two-factor as the login authentication method and set the required Passcode.

  1. Import the local certificate and the local certificate CA into the E-SBC
  2. Configure the Web server for HTTPS
  3. Install the Admin Security license

A passcode must meet the following length and strength requirements:

  • contain only upper and lower case alphabetical letters, numbers, and punctuation characters.
  • contain a minimum of fifteen characters.
  • contain two lower-case alphabetical letters.
  • contain two upper-case alphabetical letters.
  • contain two numerals.
  • contain two special characters.
  • not contain, repeat, or reverse the user name.
  • not contain three of the same characters used consecutively.
  • differ from the previous passcode by at least four characters.
  • differ from the last three previous passcodes.
  • not change more than once every 24 hours.

  1. Access the login-config object.
    Configuration, security, admin-security, login-config.
  2. In the Modify Login Config dialog, select two-factor from the Login Auth Method drop-down list.
  3. Click OK.
  4. Save the configuration.
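
The passcode length and strength requirements listed above can be checked before a candidate passcode is submitted to the E-SBC. The following is an added example, not Oracle code. It assumes that "two" means "at least two", that the user name comparison is case-insensitive, and that "differ by at least four characters" is measured position by position; the function names, the user name "admin", and the sample passcodes are constructed for illustration.

```python
import string

ALLOWED = set(string.ascii_letters + string.digits + string.punctuation)
CLASSES = [
    ("two lower-case letters", string.ascii_lowercase),
    ("two upper-case letters", string.ascii_uppercase),
    ("two numerals", string.digits),
    ("two special characters", string.punctuation),
]

def differing_chars(a, b):
    # Assumption: count position-wise mismatches plus the length difference.
    return sum(x != y for x, y in zip(a, b)) + abs(len(a) - len(b))

def check_passcode(passcode, username, history=()):
    """Return the list of violated rules; an empty list means the candidate passes.

    history holds previous passcodes, most recent first (constructed input).
    The 24-hour change limit is time-based and is not checked here.
    """
    errors = []
    if not set(passcode) <= ALLOWED:
        errors.append("only letters, numbers, and punctuation allowed")
    if len(passcode) < 15:
        errors.append("minimum of fifteen characters")
    for label, chars in CLASSES:
        if sum(c in chars for c in passcode) < 2:
            errors.append(label)
    # Assumption: the user name check ignores case.
    low, user = passcode.lower(), username.lower()
    if user and (user in low or user[::-1] in low):
        errors.append("contains or reverses the user name")
    if any(a == b == c for a, b, c in zip(passcode, passcode[1:], passcode[2:])):
        errors.append("three of the same character consecutively")
    if history and differing_chars(passcode, history[0]) < 4:
        errors.append("differs from previous passcode by fewer than four characters")
    if passcode in history[:3]:
        errors.append("matches one of the last three passcodes")
    return errors

if __name__ == "__main__":
    # Constructed sample candidates for a hypothetical user named "admin".
    for candidate in ("Tr4vel-Lamp#92xQz", "nimdA-Lamp#92xQz77", "Short1!"):
        print(candidate, "->", check_passcode(candidate, "admin") or "OK")
```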