{"id":1251,"date":"2019-04-29T20:30:00","date_gmt":"2019-04-29T20:30:00","guid":{"rendered":"https:\/\/live-infoblox-blog.pantheonsite.io\/?p=1251"},"modified":"2020-05-06T10:26:59","modified_gmt":"2020-05-06T17:26:59","slug":"nios-2-factor-authentication","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/nios-2-factor-authentication\/","title":{"rendered":"NIOS 2-Factor Authentication"},"content":{"rendered":"<p>Your enterprise has implemented two-factor authentication for all access to computer systems.\u00a0 In a nutshell, two-factor authentication is something you know and something you have.\u00a0 The \u2018something you know\u2019 can be a password.\u00a0 The \u2018something you have\u2019 can be a token card or a certificate.\u00a0 A cyber criminal would need both to gain access.\u00a0 Knowing the password is not enough.<\/p>\n<p>You can configure NIOS to use the two-factor authentication method to authenticate users based on X.509 client certificates. In two-factor authentication, NIOS first negotiates SSL\/TLS client authentication to validate client certificates. It then authenticates the admins based on the configured authentication policy. You must first configure an authentication policy, and then configure and enable the certificate authentication service for the two-factor authentication to take effect. NIOS uses certificate authentication service as the authentication policy.<\/p>\n<p><strong>Prerequisites<\/strong><\/p>\n<ul>\n<li>(Optional) OCSP (online certificate status protocol) responder.<\/li>\n<li>Microsoft Active Directory server with Certificate Authority.<\/li>\n<\/ul>\n<p>Please consult with your PKI (public key infrastructure) expert on the certificates.<\/p>\n<p><span style=\"font-size: medium;\"><strong>Authentication data flow for 2-factor authentication on the Infoblox appliance<\/strong><\/span><\/p>\n<ol>\n<li>The client workstation issues an HTTPS request to the FQDN or IP address of the Infoblox appliance.<\/li>\n<li>The Infoblox appliance sends a certificate request to the client.<\/li>\n<li>Optionally, the certificate on the client is sent to the Infoblox appliance.<\/li>\n<li>Infoblox appliance then sends the public part of the certificate to the OCSP responder to determine certificate validity.<\/li>\n<li>If successful, the Infoblox appliance will generate a nuance (i.e. random bits of characters) and encrypt that with the public part of the certificate.<\/li>\n<li>The Infoblox appliance will send that nuance to the client to decrypt.<\/li>\n<li>If the client decrypts the nuance and sends the decrypted nuance back to the Infoblox appliance and is matched up successfully, then that proves the client has the exact public and private key.<\/li>\n<li>The Infoblox appliance will use a user group lookup against the Active Directory server.<\/li>\n<li>Depending upon the attribute passed in the certificate (i.e. SAN, Subject Alternate Name) account name or SAN UPN (User Principle Name) passed to the Active Directory server.<\/li>\n<li>The Infoblox appliance talks with the Active Directory server via a service account.<\/li>\n<li>Authentication successful.<\/li>\n<\/ol>\n<p><strong><span style=\"font-size: medium;\">Setting up 2 factor authentication on NIOS appliances<\/span><\/strong><\/p>\n<ol>\n<li>Log into the Infoblox GUI.<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1257\" src=\"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/step-1-image003.jpg\" alt=\"Log into the Infoblox GUI.\" width=\"600\" height=\"362\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/step-1-image003.jpg 600w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/step-1-image003-300x181.jpg 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/li>\n<li>Navigate to Grid \u00e0 Grid Manager \u00e0 Toolbar \u00e0 Certificates \u00e0 Manage Certificates.<\/li>\n<li>Click on the \u2018+\u2019 button to upload the certificates from the Certificate Authority chain.<\/li>\n<li>If different from step 3, upload the OCSP CA chain from your OCSP responder.<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1258\" src=\"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/step-4-image005.png\" alt=\"OCSP responder\" width=\"600\" height=\"364\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/step-4-image005.png 600w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/step-4-image005-300x182.png 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/li>\n<li>Navigate to Toolbar \u00e0 Grid Properties \u00e0 Edit \u00e0 DNS Resolver.<\/li>\n<li>Click on the button to enable DNS resolver.<\/li>\n<li>Click on the \u2018+\u2019 button to add the IP address of the Active Directory server.<\/li>\n<li>Click Save and Close.<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"wp-image-1259 size-full\" src=\"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/step-8-image007.png\" alt=\"Active Directory server\" width=\"600\" height=\"442\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/step-8-image007.png 600w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/step-8-image007-300x221.png 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/li>\n<li>Navigate Administration \u00e0 Authentication Server Groups \u00e0 Active Directory Services.<\/li>\n<li>Hit the \u2018+\u2019 to add an entry.<\/li>\n<li>Enter the name of the Active Directory Service.<\/li>\n<li>Enter the name of the Active Directory Domain.<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1260\" src=\"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/step-12-image009.png\" alt=\"Active Directory Domain\" width=\"600\" height=\"368\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/step-12-image009.png 600w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/step-12-image009-300x184.png 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/li>\n<li>In the Domain Controllers section, click on the + button to add a server.\u00a0 Use the fully qualified domain name of the server.<\/li>\n<li>Change the encryption to SSL.<\/li>\n<li>Click on the \u2018test\u2019 button. If it is successful, click on the \u2018add\u2019 button.<\/li>\n<li>Click \u2018Save and Close\u2019.<\/li>\n<li>Navigate to Certificate Authentication Services.<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1261\" src=\"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/step-17-image011.png\" alt=\"Certificate Authentication Services\" width=\"600\" height=\"401\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/step-17-image011.png 600w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/step-17-image011-300x201.png 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/li>\n<li>Click on the \u2018+\u2019 button to add Certificate Authentication Service.<\/li>\n<li>Add a name for the service.<\/li>\n<li>Uncheck Username\/password request.<\/li>\n<li>Click on the button to Enable remote lookup for user membership.<\/li>\n<li>In Authentication service, add the name of the active directory service.<\/li>\n<li>Add the username that was created in AD server for the Infoblox appliance to log into the AD server. The username is a service account. The service account user needs to be able to search the user attributes to get the member of objects.<\/li>\n<li>Click on Next.<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1262\" src=\"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/step-24-image013.png\" alt=\"member of objects\" width=\"600\" height=\"401\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/step-24-image013.png 600w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/step-24-image013-300x201.png 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/li>\n<li>Click on the \u2018+\u2019 button to add and an OSCP responder IP address.\u00a0 In this example, the OCSP Check Type is set to manual.\u00a0 However, you most likely will use AIA and manual, defining some local OCSP responders and using AIA from the user\u2019s certificate.<\/li>\n<li>Enter the port number that was configured on the OCSP server. This port number would come from your PKI (public key infrastructure) expert.<\/li>\n<li>Add the certificate for the OCSP server if you want to use the test button.<\/li>\n<li>Click on the test button.<\/li>\n<li>If successful, click Add.<\/li>\n<li>Click Next.<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1263\" src=\"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/step-30-image015.png\" alt=\"OCSP server\" width=\"600\" height=\"402\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/step-30-image015.png 600w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/step-30-image015-300x201.png 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/li>\n<li>Click on the \u2018+\u2019 button to add the CA certificates from the certificate store that will used to authenticate users.<\/li>\n<li>Click save and close.<\/li>\n<li>Navigate to Administration \u00e0 Administrators \u00e0 Authentication Policy.<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1264\" src=\"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/step-33-image017.png\" alt=\"Administrators \u00e0 Authentication Policy\" width=\"600\" height=\"388\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/step-33-image017.png 600w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/step-33-image017-300x194.png 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/li>\n<li>Click on the \u2018+\u2019 in Authenticate users section.<\/li>\n<li>Click on the Certificate Authentication Service button.<\/li>\n<li>Choose the Authentication Server Group that was created before.<\/li>\n<li>Click the Add button.<\/li>\n<li>You should get a message stating 2-factor authentication enabled.<\/li>\n<\/ol>\n<p>The last thing that needs to be done is to install your certificate onto your browser.\u00a0 Please consult your PKI expert to install certificates onto your browser.<\/p>\n<p><span style=\"font-size: medium;\"><strong>Summary<\/strong><\/span><\/p>\n<p>Many network enterprises and service providers are implementing 2-factor authentication to increase security access to applications.\u00a0 This blog shows how the 2 factor authentication data flow works between the Infoblox appliance and OCSP responders and\/or Microsoft Active Directory servers.\u00a0 In addition, the steps to configure 2-factor authentication on the Infoblox appliance are documented in this blog.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Your enterprise has implemented two-factor authentication for all access to computer systems.\u00a0 In a nutshell, two-factor authentication is something you know and something you have.\u00a0 The \u2018something you know\u2019 can be a password.\u00a0 The \u2018something you have\u2019 can be a token card or a certificate.\u00a0 A cyber criminal would need both to gain access.\u00a0 Knowing [&hellip;]<\/p>\n","protected":false},"author":279,"featured_media":1252,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2],"tags":[16,52,84,15],"class_list":{"0":"post-1251","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security","8":"tag-infoblox","9":"tag-nios","10":"tag-nios-2","11":"tag-security","12":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>NIOS 2-Factor Authentication<\/title>\n<meta name=\"description\" content=\"Your enterprise has implemented two-factor authentication for all access to computer systems. In a nutshell, two-factor authentication is something you know and something you have. The \u2018something you know\u2019 can be a password. The \u2018something you have\u2019 can be a token card or a certificate. A cyber criminal would need both to gain access. Knowing the password is not enough.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/security\/nios-2-factor-authentication\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NIOS 2-Factor Authentication\" \/>\n<meta property=\"og:description\" content=\"Your enterprise has implemented two-factor authentication for all access to computer systems. In a nutshell, two-factor authentication is something you know and something you have. The \u2018something you know\u2019 can be a password. The \u2018something you have\u2019 can be a token card or a certificate. A cyber criminal would need both to gain access. Knowing the password is not enough.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/security\/nios-2-factor-authentication\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2019-04-29T20:30:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-06T17:26:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/march-31-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"413\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Thomas Lee\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Thomas Lee\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/nios-2-factor-authentication\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/nios-2-factor-authentication\\\/\"},\"author\":{\"name\":\"Thomas Lee\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/09eef104302d85b2c7d7ce4bec738761\"},\"headline\":\"NIOS 2-Factor Authentication\",\"datePublished\":\"2019-04-29T20:30:00+00:00\",\"dateModified\":\"2020-05-06T17:26:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/nios-2-factor-authentication\\\/\"},\"wordCount\":851,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/nios-2-factor-authentication\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/march-31-1.jpg\",\"keywords\":[\"Infoblox\",\"NIOS\",\"NIOS 2\",\"Security\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/nios-2-factor-authentication\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/nios-2-factor-authentication\\\/\",\"name\":\"NIOS 2-Factor Authentication\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/nios-2-factor-authentication\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/nios-2-factor-authentication\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/march-31-1.jpg\",\"datePublished\":\"2019-04-29T20:30:00+00:00\",\"dateModified\":\"2020-05-06T17:26:59+00:00\",\"description\":\"Your enterprise has implemented two-factor authentication for all access to computer systems. In a nutshell, two-factor authentication is something you know and something you have. The \u2018something you know\u2019 can be a password. The \u2018something you have\u2019 can be a token card or a certificate. A cyber criminal would need both to gain access. Knowing the password is not enough.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/nios-2-factor-authentication\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/nios-2-factor-authentication\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/nios-2-factor-authentication\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/march-31-1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/march-31-1.jpg\",\"width\":600,\"height\":413,\"caption\":\"NIOS 2-Factor Authentication\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/nios-2-factor-authentication\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/security\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"NIOS 2-Factor Authentication\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/09eef104302d85b2c7d7ce4bec738761\",\"name\":\"Thomas Lee\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/wp-content\\\/uploads\\\/avatar_user_279_1571768676-96x96.jpg\",\"url\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/wp-content\\\/uploads\\\/avatar_user_279_1571768676-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/wp-content\\\/uploads\\\/avatar_user_279_1571768676-96x96.jpg\",\"caption\":\"Thomas Lee\"},\"description\":\"Thomas Lee is a Technical Marketing Engineer at Infoblox. He has been with Infoblox for over 7 years. He works on the NIOS platform and does competitive analysis. He holds a Computer Science degree from California State University East Bay.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/thomas-lee\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"NIOS 2-Factor Authentication","description":"Your enterprise has implemented two-factor authentication for all access to computer systems. In a nutshell, two-factor authentication is something you know and something you have. The \u2018something you know\u2019 can be a password. The \u2018something you have\u2019 can be a token card or a certificate. A cyber criminal would need both to gain access. Knowing the password is not enough.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/security\/nios-2-factor-authentication\/","og_locale":"en_US","og_type":"article","og_title":"NIOS 2-Factor Authentication","og_description":"Your enterprise has implemented two-factor authentication for all access to computer systems. In a nutshell, two-factor authentication is something you know and something you have. The \u2018something you know\u2019 can be a password. The \u2018something you have\u2019 can be a token card or a certificate. A cyber criminal would need both to gain access. Knowing the password is not enough.","og_url":"https:\/\/www.infoblox.com\/blog\/security\/nios-2-factor-authentication\/","og_site_name":"Infoblox Blog","article_published_time":"2019-04-29T20:30:00+00:00","article_modified_time":"2020-05-06T17:26:59+00:00","og_image":[{"width":600,"height":413,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/march-31-1.jpg","type":"image\/jpeg"}],"author":"Thomas Lee","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Thomas Lee","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/security\/nios-2-factor-authentication\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/nios-2-factor-authentication\/"},"author":{"name":"Thomas Lee","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/09eef104302d85b2c7d7ce4bec738761"},"headline":"NIOS 2-Factor Authentication","datePublished":"2019-04-29T20:30:00+00:00","dateModified":"2020-05-06T17:26:59+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/nios-2-factor-authentication\/"},"wordCount":851,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/nios-2-factor-authentication\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/march-31-1.jpg","keywords":["Infoblox","NIOS","NIOS 2","Security"],"articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/security\/nios-2-factor-authentication\/","url":"https:\/\/www.infoblox.com\/blog\/security\/nios-2-factor-authentication\/","name":"NIOS 2-Factor Authentication","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/nios-2-factor-authentication\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/nios-2-factor-authentication\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/march-31-1.jpg","datePublished":"2019-04-29T20:30:00+00:00","dateModified":"2020-05-06T17:26:59+00:00","description":"Your enterprise has implemented two-factor authentication for all access to computer systems. In a nutshell, two-factor authentication is something you know and something you have. The \u2018something you know\u2019 can be a password. The \u2018something you have\u2019 can be a token card or a certificate. A cyber criminal would need both to gain access. Knowing the password is not enough.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/nios-2-factor-authentication\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/security\/nios-2-factor-authentication\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/security\/nios-2-factor-authentication\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/march-31-1.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/march-31-1.jpg","width":600,"height":413,"caption":"NIOS 2-Factor Authentication"},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/security\/nios-2-factor-authentication\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.infoblox.com\/blog\/category\/security\/"},{"@type":"ListItem","position":3,"name":"NIOS 2-Factor Authentication"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/09eef104302d85b2c7d7ce4bec738761","name":"Thomas Lee","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/avatar_user_279_1571768676-96x96.jpg","url":"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/avatar_user_279_1571768676-96x96.jpg","contentUrl":"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/avatar_user_279_1571768676-96x96.jpg","caption":"Thomas Lee"},"description":"Thomas Lee is a Technical Marketing Engineer at Infoblox. He has been with Infoblox for over 7 years. He works on the NIOS platform and does competitive analysis. He holds a Computer Science degree from California State University East Bay.","url":"https:\/\/www.infoblox.com\/blog\/author\/thomas-lee\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/1251","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/279"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=1251"}],"version-history":[{"count":6,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/1251\/revisions"}],"predecessor-version":[{"id":1266,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/1251\/revisions\/1266"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/1252"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=1251"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=1251"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=1251"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}