Two-Factor Authentication
Two-factor authentication provides an extra level of security for the Oracle® Enterprise Session Border Controller (E-SBC) by requiring users to enter a Passcode during login, in addition to their Username and Password credentials. Two-factor authentication applies to the Super User for both local and SSH login to the ACLI, and for HTTPS login to the Web GUI.
The two-factor authentication option requires the Admin Security feature be provisioned, and you must enable the option by setting login-auth-method to "two-factor" and saving the configuration. After you set "two-factor" and save the configuration, the E-SBC prompts you to set the Passcode.
The following illustrations show the user login experience on the Web GUI after you enable two-factor authentication.
Passcodes must conform to the length and strength requirements specified in "Enable Two-Factor Authentication."
When you want to change the Passcode in the future, use the secret command that you also use for changing the Username and Password.
You can enable two-factor authentication only from the ACLI.
Two-factor authentication does not support RADIUS, TACACS, or HTTP.
Enable Two-Factor Authentication
To enable two-factor authentication for local or SSH login, you must set two-factor as the login authentication method and set the required Passcode.
- Import the local certificate and the local certificate CA into the E-SBC
- Configure the Web server for HTTPS
- Install the Admin Security license
A passcode must meet the following length and strength requirements:
- contain only upper and lower case alphabetical letters, numbers, and punctuation characters.
- contain a minimum of fifteen characters.
- contain two lower-case alphabetical letters.
- contain two upper-case alphabetical letters.
- contain two numerals.
- contain two special characters.
- not contain, repeat, or reverse the user name.
- not contain three of the same characters used consecutively.
- differ from the previous passcode by at least four characters.
- differ from the last three previous passcodes.
- not change more than once every 24 hours.
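The following pre-check applies the passcode requirements listed above to a candidate before you set it with the secret command. It is an added example, not Oracle code and not how the E-SBC itself evaluates passcodes. The function names, the position-by-position difference metric, the case-insensitive user name match, and the use of Python's string.punctuation as the set of special characters are assumptions.

```python
import string
from datetime import datetime, timedelta

ALLOWED = set(string.ascii_letters + string.digits + string.punctuation)

def char_diff(a, b):
    """Positions that differ, plus any difference in length (assumed metric)."""
    return sum(x != y for x, y in zip(a, b)) + abs(len(a) - len(b))

def check_passcode(candidate, username, history=(), last_change=None, now=None):
    """Return the list of violated rules; an empty list means the candidate passes.

    history: earlier passcodes, most recent first (supplied by the caller).
    """
    problems = []
    if set(candidate) - ALLOWED:
        problems.append("characters outside letters, numbers, punctuation")
    if len(candidate) < 15:
        problems.append("fewer than fifteen characters")
    classes = [("lower-case letters", string.ascii_lowercase),
               ("upper-case letters", string.ascii_uppercase),
               ("numerals", string.digits),
               ("special characters", string.punctuation)]
    for label, chars in classes:
        if sum(c in chars for c in candidate) < 2:
            problems.append("fewer than two " + label)
    # Assumption: the match is case-insensitive; "repeat" is covered by "contain".
    low, user = candidate.lower(), username.lower()
    if user and (user in low or user[::-1] in low):
        problems.append("contains or reverses the user name")
    if any(a == b == c for a, b, c in zip(candidate, candidate[1:], candidate[2:])):
        problems.append("three of the same character consecutively")
    if history and char_diff(candidate, history[0]) < 4:
        problems.append("differs from previous passcode by fewer than four characters")
    if candidate in history[:3]:
        problems.append("matches one of the last three passcodes")
    if last_change is not None:
        now = now or datetime.now()
        if now - last_change < timedelta(hours=24):
            problems.append("changed less than 24 hours ago")
    return problems
```

The check runs offline and does not contact the E-SBC, so the device remains the final authority on whether a passcode is accepted.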