Two-factor authentication of a CPE device

You can use two-factor authentication to register the CPE device securely. When two-factor authentication is enabled, a token (security key) is recorded in the orchestrator's database; you must then place this token on the CPE device when registering using the Zero Touch Provisioning technology. Registration succeeds if, when the CPE device automatically connects to the orchestrator, the token placed on the device matches the CPE token in the orchestrator database.

You cannot use two-factor authentication for a CPE device that is already registered.

To use two-factor authentication for a CPE device:

  1. In the menu, go to the SD-WAN → CPE section.

    A table of CPE devices is displayed.

  2. Click the CPE device for which you want to use two-factor authentication.

    The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon expand_panel_up_icon_2. By default, the Configuration tab is selected, which displays general information about the CPE device. This tab also displays the table of Out-of-band management tasks being performed by the orchestrator.

  3. Select the Activation tab.

    Two-factor authentication settings are displayed.

  4. In the Two-factor authentication drop-down list, select Enabled. The default value is Disabled.
  5. If you want to generate a new token, click Generate under the Token field.
  6. In the upper part of the settings area, click Save to save CPE device settings.

See also

Scenario: Automatic registration of a CPE device using the Zero Touch Provisioning technology.
Page top