Two-factor authentication of a CPE device

You can use two-factor authentication to register the CPE device securely. Two-factor authentication records a token (security key) to the orchestrator database; the token is then placed on the CPE device using the URL with basic settings. Registration succeeds if, when the CPE device connects to the orchestrator, the token placed on the device matches the CPE token in the orchestrator database.

You cannot use two-factor authentication for a CPE device that is already registered.

To use two-factor authentication for a CPE device:

  1. In the menu, go to the SD-WAN → CPE section.

    A table of CPE devices is displayed.

  2. Click the CPE device for which you want to use two-factor authentication.

    The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon expand_panel_up_icon_2. By default, the Configuration tab is selected, which displays general information about the CPE device. This tab also displays the table of Out-of-band management tasks being performed by the orchestrator.

  3. Select the Activation tab.

    Two-factor authentication settings are displayed.

  4. In the Two-factor authentication drop-down list, select Enabled. The default value is Disabled.
  5. If you want to generate a new token, click Generate under the Token field.
  6. In the upper part of the settings area, click Save to save CPE device settings.

See also

Scenario: Automatic registration (ZTP) of a CPE device
Page top