- Released At: 31-10-2024
Unified Platform Two-Factor Authentication
Configuration Examples
Document version: 5W106-20241025
Software version: E0715
Copyright © 2024 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.
The information in this document is subject to change without notice.
Introduction
Two-factor authentication is a security measure that authenticates user identity by requiring users to provide two different types of authentication factors. The first authentication factor is the username and password. The second authentication factor can be a graphic code (CAPTCHA code), an SMS verification code, a Google dynamic password, a FEITIAN dynamic password, or a third-party authentication method. Two-factor authentication effectively prevents malicious attackers from illegally logging in by obtaining a user's username and password.
Usage guidelines
Application scenarios
Enable two-factor authentication in any network environment that requires enhanced security, such as data center, campus network, or WAN.
Prerequisites
· If two-factor authentication includes SMS authentication, you must configure the correct mobile number and make appropriate configuration in SMSC Settings. Otherwise, you cannot enable the SMS authentication method in two-factor authentication settings.
· If two-factor authentication includes Google dynamic password authentication, you must configure the correct email address and make appropriate configuration in Mail Server Settings. Otherwise, you cannot enable the Google dynamic password authentication method in two-factor authentication settings.
· If two-factor authentication includes FEITIAN dynamic password authentication, you must set up and configure the FEITIAN server before selecting this authentication method. Otherwise, you cannot receive FEITIAN dynamic passwords after logging out, preventing you from logging in again.
Restrictions and guidelines
When configuring two-factor authentication, follow these restrictions and guidelines:
· To ensure successful login after you enable SMS authentication, do not arbitrarily delete or edit the operator's phone number.
· To ensure successful login after you enable dynamic password authentication, do not arbitrarily delete or edit the operator's email address.
Example: Configuring two-factor authentication
Configuration summary
On the top navigation bar, click System. From the navigation pane, select System Settings > Authentication Settings to access the authentication settings page. Expand the Two-Factor Authentication Settings area, where the supported authentication methods are displayed, including graphic code authentication, SMS authentication, Google dynamic password authentication, and FEITIAN dynamic password authentication.
Figure 1 Two-factor authentication methods
NOTE: After Unified Platform is installed, two-factor authentication is disabled by default. To enable two-factor authentication, go to the two-factor authentication settings to select the authentication methods. The two-factor authentication settings take effect the next time you log in.
Authentication method configuration
Graphic code authentication
1. To enable graphic code authentication, expand Two-Factor Authentication Settings, select Graphic Code Authentication as the authentication method, and then click OK.
Figure 2 Enabling graphic code authentication
2. After graphic code authentication is enabled, the login page displays a graphical CAPTCHA as shown in Figure 3.
Figure 3 Login interface after graphic code authentication is enabled
3. To successfully log into the system, users must enter the correct username, password, and CAPTCHA code.
SMS authentication
1. To enable SMS authentication, expand Two-Factor Authentication Settings, select SMS Authentication as the authentication method, and then click OK.
Figure 4 Enabling SMS authentication
NOTE: To enable SMS authentication, you must configure the correct mobile number and make appropriate configuration in SMSC Settings. To configure the mobile number for the current operator, go to the operators list, and then click the
2. After SMS authentication is enabled, the login page displays the SMS authentication option, as shown in Figure 5.
Figure 5 Login interface after SMS authentication is enabled
3. After entering the correct username and password, click Send Verification Code to send a verification code. Then, enter the code received on your phone into the input box to log in to the system.
Google dynamic password authentication
1. To enable Google dynamic password authentication, expand Two-Factor Authentication Settings, select Google Dynamic Password Authentication as the authentication method, and then click OK.
Figure 6 Enabling Google dynamic password authentication
2. After the configuration, do not log out. Navigate to Operator Management > Operators, then click the send key icon in the Actions column for the current operator to send the key, as shown in Figure 7.
Figure 7 Sending a key in the operators list
3. The operator's mailbox will receive this key.
4. Download the Google Authenticator app on your mobile device. You can customize the account name and enter the content from your email into the secret key field. Click Add.
5. Open the Google Authenticator app homepage to get the verification code, as shown in Figure 8.
6. Open the login page, and enter the correct username and password. Then, enter the verification code in the dynamic password field to log in to the system, as shown in Figure 9.
Figure 9 Login interface after Google dynamic password authentication is enabled
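What the authenticator app computes from the emailed key in steps 3 to 6, as an added example (not H3C code): Google Authenticator derives the six-digit code from the key and the current time using TOTP (RFC 6238, HMAC-SHA1, 30-second step), so anyone who can read the key in the mailbox can produce valid codes. The sample key is the RFC 6238 test secret, and the verifier with a one-step drift window is an assumption about how a server would check the code.

```python
import base64, hashlib, hmac, struct, time

def normalize_key(key):
    """Decode a base32 key as pasted from an email: spaces, lower case, no padding."""
    key = key.replace(" ", "").replace("-", "").upper()
    return base64.b32decode(key + "=" * (-len(key) % 8))

def totp(key, at, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1, the parameters Google Authenticator uses."""
    counter = struct.pack(">Q", int(max(at, 0)) // step)
    mac = hmac.new(normalize_key(key), counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(key, submitted, at=None, step=30, drift=1):
    """Hypothetical server-side check: accept `drift` steps either side of now."""
    at = time.time() if at is None else at
    ok = False
    for n in range(-drift, drift + 1):
        expected = totp(key, at + n * step, step).encode()
        ok |= hmac.compare_digest(expected, submitted.encode())  # constant time
    return ok

# Constructed sample: base32 of the RFC 6238 test secret "12345678901234567890",
# written the way a key might be pasted from an email.
EMAILED_KEY = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"

if __name__ == "__main__":
    print("code at t=59:", totp(EMAILED_KEY, 59))
    print("accepted one step late:", verify(EMAILED_KEY, "287082", at=89))
    print("accepted two steps late:", verify(EMAILED_KEY, "287082", at=119))
```

Because the code depends only on the key and the clock, treat the key email like a password: delete it after enrollment and keep the device clock synchronized.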
FEITIAN dynamic password authentication
1. In two-factor authentication settings, click the Edit link next to the FEITIAN Dynamic Password Authentication method. On the window that opens, configure the FEITIAN OTP server information, including the IP address and port number.
Figure 10 Configuring FEITIAN server information
2. Click OK.
Figure 11 Enabling FEITIAN dynamic password authentication
3. After FEITIAN dynamic password authentication is enabled, the login page will display the FEITIAN dynamic password field, as shown in Figure 12.
Figure 12 Login interface with FEITIAN dynamic password authentication
4. To successfully log into the system, users must enter the correct username, password, and FEITIAN dynamic password. View and obtain the dynamic password from the FEITIAN mobile token app, as shown in Figure 13.
Figure 13 Dynamic password on the Mobile Token app client
Custom authentication
In the two-factor authentication settings, click the Custom link to configure custom authentication, as shown in Figure 14.
· Authentication Profile Name: Name of the custom two-factor authentication.
· Request Address: The interface address for the custom two-factor authentication. It is the domain name or IP address of a third-party authentication.
· Request Method: HTTP request method. Select either POST or GET based on actual requirements. The default is POST.
· Request Body: (Optional.) Connection parameters for third-party authentication. Configure it as needed.
· Request Header: (Optional.) Header for messages requesting connection to third-party authentication. Configure it as needed.
· Response Body Criterion: (Optional.) Successful response body from third-party authentication. If the response matches the specified content, the system determines that the third-party authentication succeeds. If you leave this field empty, the system does not check the response body from the third-party authentication. Configure this field as needed.
· Status Code Criteria: Enter the status code returned after a successful request.
Figure 14 Custom authentication configuration
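The decision rule described by Status Code Criteria and Response Body Criterion, as an added example (not H3C code): a constructed mock third-party service that always answers HTTP 200 and puts the verdict in the body shows why leaving Response Body Criterion empty accepts a rejected code. The mock service, its JSON fields, the sample code value and the substring reading of "matches" are assumptions.

```python
import json, threading, urllib.request, urllib.error
from http.server import BaseHTTPRequestHandler, HTTPServer

VALID_CODE = "246810"   # constructed sample value

class MockVerifier(BaseHTTPRequestHandler):
    """Constructed third-party service: always answers HTTP 200, verdict in body."""
    def do_POST(self):
        sent = json.loads(self.rfile.read(int(self.headers["Content-Length"])))
        verdict = "ok" if sent.get("code") == VALID_CODE else "denied"
        body = json.dumps({"result": verdict}).encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):   # silence per-request logging
        pass

def evaluate(status, body, status_criteria, body_criterion=""):
    """Apply Status Code Criteria, then the optional Response Body Criterion.
    Assumption: a body "match" is modelled as a substring test."""
    if status != status_criteria:
        return False
    return body_criterion in body if body_criterion else True

def ask(url, code):
    """POST a request body to the mock service; return (status, body)."""
    req = urllib.request.Request(url, data=json.dumps({"code": code}).encode(),
                                 method="POST")
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()

def demo():
    server = HTTPServer(("127.0.0.1", 0), MockVerifier)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/verify"
    wrong, right = ask(url, "000000"), ask(url, VALID_CODE)
    server.shutdown()
    server.server_close()
    return {"wrong code, status only": evaluate(*wrong, 200),
            "wrong code, body checked": evaluate(*wrong, 200, '"result": "ok"'),
            "right code, body checked": evaluate(*right, 200, '"result": "ok"')}

if __name__ == "__main__":
    print(demo())
```

When the third-party service reports failure in the body rather than through the status code, set Response Body Criterion to the success marker so that the status code alone does not decide the login.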
Selecting multiple authentication methods
1. In two-factor authentication settings, you can select multiple authentication methods simultaneously, as shown in Figure 15.
Figure 15 Selecting multiple authentication methods
2. This example selects graphic code authentication and Google dynamic password authentication. Select both Graphic Code Authentication and Google Dynamic Password Authentication, and then click OK. Exit to the login page.
Figure 16 Login page with multiple authentication methods enabled
3. Click the Graphic Code Authentication or Google Dynamic Password Authentication link below the Log In button to switch the login mode.
Figure 17 Switching the login mode
4. You can log in to the system after you pass either of the authentication methods.