- play_arrow Managing E-Mail
- play_arrow Managing Authentication
- play_arrow Managing Tenants
- Tenant Overview
- Full Mesh Topology Overview
- Understanding Specific Route-based Routing Within the SD-WAN Overlay
- About the Tenants Page
- Adding a Single Tenant
- Edit Tenant Parameters
- Importing Data for Multiple Tenants
- Allocating Network Services to a Tenant
- Viewing the Create History of Imported Tenant Data
- Delete a Tenant
- Viewing the History of Deleted Tenant Data
- Dynamic Mesh Tunnels Overview
- Configuring Dynamic Mesh Tunnel Thresholds for all Tenants
- Updating the Terms of Use
- play_arrow Managing Operating Companies
- play_arrow Managing Resources
- About the POPs Page
- Creating a Single POP
- Importing Data for Multiple POPs
- Viewing the History of POP Data Imports
- Viewing the History of POP Data Deletions
- View the History of Device Data Deletions
- Manually Importing Provider Hub Sites
- About the Tenant Devices Page
- About the Provider Hub Devices Page
- Add a Provider Hub Device
- Edit Provider Hub Site Parameters
- Manage a Provider Hub Device
- Upgrade a Provider Hub Device
- Delete a Provider Hub Site
- Perform Return Material Authorization (RMA) for a Provider Hub Device
- Grant Return Material Authorization (RMA) for a Provider Hub Device
- Generate Device RSI for Provider Hub Devices
- Managing a Tenant Device
- Device Redundancy Support Overview
- Viewing the History of Tenant Device Activation Logs
- Secure OAM Network Overview
- Secure OAM Network Redundancy Overview
- Rebooting Tenant Devices and Provider Hub Devices
- Identifying Connectivity Issues by Using Ping
- Identifying Connectivity Issues by Using Traceroute
- Remotely Accessing a Device CLI
- Device Template Overview
- Multi-Service Shared Bearer Overview
- About the Device Template Page
- Cloning a Device Template
- Importing a Device Template
- Configuring Template Settings in a Device Template
- Updating Stage-2 Configuration Template in a Device Template
- Configuring Stage-2 Initial Configuration in a Device Template
- Modifying a Device Template Description
- Deleting a Device Template
- Configuration Templates Overview
- Configuration Templates Workflow
- About the Configuration Templates Page
- Predefined Configuration Templates
- Edit, Clone, and Delete Configuration Templates
- Deploy Configuration Templates to Devices
- Undeploy a Configuration Template from a Device
- Dissociate a Configuration Template from a Device
- Preview and Render Configuration Templates
- Import Configuration Templates
- Export a Configuration Template
- Assign Configuration Templates to Device Templates
- Add Configuration Templates
- Jinja Syntax and Examples for Configuration Templates
- View the Configuration Deployed on Devices
- APN Overview
- Configuring APN Settings on CPE Devices
- Device Images Overview
- About the Device Images Page
- Staging an Image
- Deploying Device Images to Devices
- Uploading a Device Image
- Deleting Device Images
- Network Services Overview
- About the Network Services Page
- About the Service Overview Page
- About the Service Instances Page
- Allocating a Service to Tenants
- Removing a Service from Tenants
- play_arrow Managing Signatures
- Signature Database Overview
- About the Signature Database Page
- Downloading a Signature Database
- Download Locations for Signature Database
- Application Signatures Overview
- About the Application Signatures Page
- Understanding Custom Application Signatures
- Adding Application Signatures
- Editing, Cloning, and Deleting Application Signatures
- Adding Application Signature Groups
- Editing, Cloning, and Deleting Application Signature Groups
- play_arrow Managing Profiles
- Application Quality of Experience Overview
- Configure and Monitor Application Quality of Experience
- About the Application Traffic Type Profiles Page
- Predefined Application Traffic Type Profiles
- Add Traffic Type Profiles
- Edit and Delete Application Traffic Type Profiles
- SLA Profiles and SD-WAN Policies Overview
- About the SLA-Based Steering Profiles Page
- Adding SLA-Based Steering Profiles
- Editing and Deleting SLA-Based Steering Profiles
- About the Path-Based Steering Profiles Page
- Adding Path-Based Steering Profiles
- Editing and Deleting Path-Based Steering Profiles
- About the Breakout Profiles Page
- Adding Breakout Profiles
- Editing and Deleting Breakout Profiles
- play_arrow Managing Licenses
- play_arrow Managing Users and Roles
- Role-Based Access Control Overview
- About the Users Page in Administration Portal
- Add Service Provider and OpCo Users
- Edit and Delete Service Provider Users and OpCo Users
- Resetting the Password for Service Provider, OpCo, and Tenant Users
- Roles Overview
- About the Roles Page
- Add User-Defined Roles for Service Provider, OpCo, and Tenant Users
- Edit, Clone, and Delete User-Defined Roles for Service Provider, OpCo, and Tenant Users
- Access Privileges for Role Scopes (Operating Company and Tenant)
- play_arrow Managing Jobs
- play_arrow Managing Audit Logs
- play_arrow Monitoring
- About the Monitor Overview Page
- Alerts Overview
- About the Generated Alerts Page
- About the Alert Definitions/Notifications Page
- Creating and Managing Security Alerts
- About the Alarms Page
- BGP Alarms on Provider Hubs
- Monitoring Support for LTE Links on Dual CPEs
- Enable E-mail Notifications for SD-WAN Alarms
- Rogue Device Detection
- Multitenancy
- About the SLA Performance of All Tenants Page
- About the SLA Performance of a Single Tenant Page
- Monitoring Application-Level SLA Performance for Secure SD-WAN-Advanced
- Viewing the SLA Performance of a Site
- Viewing the SLA Performance of an Application or Application Group
- Understanding SLA Performance Score for Applications, Links, Sites, and Tenants
- Syslog Streaming
Configuring Two-Factor Authentication
Two-factor authentication adds an additional authentication level for enhanced login security. CSO uses username and password as the first level of user verification. Starting from Release 6.1.0, CSO supports configuring an optional second level of verification. The second level of verification mandates a user to authenticate through a verification code either sent through an e-mail (default option) or generated using an authentication server.
By default, two-factor authentication is disabled for all users. SP and OpCo administrators can enable or disable two-factor authentication in the Authentication page (Administration > Authentication), whereas tenant administrators can perform the same in the Tenant Settings page (Administration > Tenant Settings).
If an administrator enables two-factor authentication at the global, OpCo, or tenant-level, then all existing and new users under that level are automatically configured for two-factor authentication. For example, if an OpCo administrator enables two-factor authentication, then all the users under that OpCo are configured for two-factor authentication.
Individual users cannot disable two-factor authentication if it is enabled by the administrator. However, users can change the authentication method. The default authentication mechanism is e-mail OTP.
If two-factor authentication is disabled at the global, OpCo, or tenant-level, then individual users can choose to enable two-factor authentication. Users can also change the authentication mechanism.
For example, if two-factor authentication is disabled at the tenant-level, then tenant users are required to enter only the username and password to log into CSO. If individual users under that tenant want to use an additional verification level, then they can choose to enable two-factor authentication in the My Profiles page.
If the administrator enables two-factor authentication initially and then later disables it, then existing users continue to have two-factor authentication enabled. Existing users can opt to disable two-factor authentication in the My Profile page (Administration > My Profile).
However, two-factor authentication is disabled for new users. New users can enable two-factor authentication based on individual requirements.
Individual users can enable two-factor authentication if it is disabled. Users cannot disable two-factor authentication if it is enabled by the administrator.
If single sign-on (SSO) is enabled at the global or OpCo level, administrators cannot enable two-factor authentication for the users at that level.
CSO provides two methods for two-factor authentication—e-mail and TOTP authentication. E-mail is the default method. You can opt to select TOTP authentication.
To enable TOTP authentication:
Install a Time-Based One-Time Password (TOTP) authenticator application on your mobile phone. You can use a TOTP authenticator application such as Authy, Duo Mobile, or you can use an authenticator from Microsoft, LastPass, or Google.
Scan the QR code provided in the My Profile page using the authenticator application to register your mobile phone with CSO.
Enter the verification code generated by the authenticator application and click Verify.
After CSO verifies the code, TOTP authentication is enabled. When you log in to CSO, you are prompted for a verification code that is generated by the authenticator application.
If you change your mobile phone, click Change Phone to unregister the existing phone from CSO. To register the new phone with CSO, follow steps 1 through 3.
If you do not want to use the TOTP authentication method, click Delete.
