
Oracle® MiniCluster S7-2 Administration Guide


Updated: October 2021
 
 

Enable One-Time Password (OTP) Authentication (BUI)

OTP authenticates a user for a single login or session. OTP supports strong two-factor authentication based on IETF standards, and supports both time-based and counter-based passwords. OTP requires access to something a person has (such as a specific mobile device) as well as something a person knows (such as a PIN). Because OTP is not vulnerable to replay attacks, it is more secure than a traditional static password.

OTP-based authentication is available for App and DB VMs. If you choose to enable OTP for a user, it is enforced for users registered with the Tenant Administrator role. Users created with the primary, secondary, and auditor roles do not support the use of OTP.

You can use SSH to access App and DB VMs with OTP. During SSH access, the Solaris environment prompts you for your Solaris password, then for the OTP from your mobile authenticator application. You can use the Oracle Mobile Authenticator App or the Google Authenticator App, and you can freely download them from the Apple iOS and Google Android App stores. Oracle MiniCluster's OTP conforms to the HMAC-based and time-based specifications for an OTP, and works with any authenticator application that conforms to these specifications.

  1. On your mobile device, download the Oracle Mobile Authenticator application.

    You can use the Oracle Mobile Authenticator App or the Google Authenticator App, and you can freely download them from the Apple iOS and Google Android App stores.

  2. Access the MCMU BUI as a new user with the Tenant Administrator role.

    See Log in to the MCMU BUI.

    If an existing user with the Tenant Administrator role will use OTP, you must delete the user account and create a new one. For instructions, see Create a New MCMU User (BUI).

  3. On the login page, enter your user name and password.

    To use OTP, your user account must be configured with the Tenant Administrator role. See Step 3 in Create a New MCMU User (BUI).

  4. Create a new password for your account and click Change Password.

    Type a new password. See MCMU Password Policies.

  5. In the upper right corner, click your user name and choose Get OTP Secret.

    Tip  -  If you do not see Get OTP Secret in the drop-down menu, verify that you are logged in with a user account with Tenant Administrator privileges.

    image:Screen shot showing how to click the user name and then choose Get OTP Secret.

    The secret keys for all available VMs are displayed.


    image:Screen shot shows secret keys for all VMs.
  6. On your mobile device, open the Oracle Mobile Authenticator app and click Enter Provided Key.
  7. On your mobile device, type the zone name and OTP secret key from Step 5.

    Include the spaces in the OTP key.


    image:Screen shot showing the name or IP address and the key on the mobile device.
  8. On your mobile device, click Add Account.

    Tip  -  If you do not see the Add Account button on your mobile device, swipe up to remove the keyboard.

    After you enter this information, the Oracle Mobile Authenticator starts to generate OTP codes every minute to access the VM.


    image:Screen shot showing the OTP on the mobile device.
  9. Log in to the MCMU BUI with your user name and the OTP from your mobile device.
  10. Use SSH to verify that access to the VM was granted with the OTP.

    For example, type your Oracle Solaris password and the OTP that was provided.

    # ssh Dena_tadmin@192.0.2.0
    MiniCluster Setup successfully configured
    Password: 
    OTP code: 
    Last login: Mon May 17: 9:40:48 2017
    ABC Corporation   SunOS5.11   11.3  May 2017
    MiniCluster Setup successfully configured