Note

Authentication for both the admin authentication policy and OCSP validation must be successful on NIOS.
Certificate-based authentication does not work on Cloud Platform members for WAPI calls.

...

If a Grid Master has either a Cloud Network Automation or a Cloud API license or if any of the members or passive nodes of an HA Grid Master has a Cloud API license, then certificate-based WAPI authentication will not work; only user name and password -based authentication works.

The following figure Authenticating Admin Accounts Using TACACS+ illustrates the two-factor authentication and authorization process.

1

Drawio

border

86544361

tbstyle
simple	0
zoom	1
inComment	0
pageId	73273485
custContentId	546078733
diagramDisplayName	4.7(231page)
lbox	1
contentVer	2
revision	3
baseUrl	https://infoblox-docs.atlassian.net/wiki
diagramName	4.7(231page)
zoompCenter	10
pageIdwidth	267742851037
custContentIdlinks
lbox	1
contentVer	1

revision	height	883

Best Practices for Configuring Two-Factor Authentication

...

Use Global Search to search for certificate authentication services. For information about Global search, see About the Grid Manager Interface.
View audit log entries for the certificate authentication service. For information about viewing the audit log, see Monitoring Tools.
Select a certificate authentication service and click the Delete icon to delete it. In the Delete Confirmation dialog box, click Yes to confirm deletion.
Modify a certificate authentication service as mentioned in Modifying Certificate Authentication Services below.
Print the data or export it in .csv format.

...

Versions Compared