Two-factor authentication login – HP Integrated Lights-Out User Manual

Configuring iLO 2

Two-factor authentication login

When you connect to iLO 2 and two-factor authentication is required, the Client Authentication page prompts you to select the certificate you want to use. The Client Authentication page displays all of the certificates available to authenticate a client. Select your certificate. The certificate can be a certificate mapped to a local user in iLO 2, or a user-specific certificate issued for authenticating to the domain.

After you have selected a certificate, if the certificate is protected with a password or if the certificate is stored on a smart card, a second page appears prompting you to enter the PIN or password associated with the chosen certificate.

The certificate is examined by iLO 2 to ensure it was issued by a trusted CA by checking the signature against the CA certificate configured in iLO 2. iLO 2 determines if the certificate has been revoked and if it maps to a user in the iLO 2 local user database. If all of these tests pass, then the normal iLO 2 user interface appears.

If your credential authentication fails, the Login Failed page appears. If login fails, you are instructed to close the browser, open a new browser page, and try connecting again. If directory authentication is enabled, and local user authentication fails, iLO 2 displays a login page with the directory user name field populated with either the User Principal Name from the certificate or the Distinguished Name (derived from the subject of the certificate). iLO 2 requests the password for the account. After providing the password, you are authenticated.
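An offline pre-check that mirrors the trusted-CA test described above, as an added example (not HP's code and not how iLO 2 implements the check): it uses the standard `openssl` CLI on a throwaway PKI constructed for the demo, reports which client certificate chains to the configured CA, and prints the subject DN. The function names, file names and certificate subjects are hypothetical, and revocation is not checked here.

```shell
#!/bin/sh
# Added example: every key, certificate and name below is constructed test data.
set -eu

# issue_cert <dir> <ca-name> <common-name>: create a key and CSR for the
# common name, then sign the CSR with the named demo CA.
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/O=Example/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2-ca.pem" -CAkey "$1/$2-ca.key" \
    -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# make_demo_pki <dir>: two unrelated self-signed CAs, one client certificate
# from the CA we will trust (alice) and one from the other CA (bob).
make_demo_pki() {
  for ca in trusted other; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo $ca CA" \
      -keyout "$1/$ca-ca.key" -out "$1/$ca-ca.pem" 2>/dev/null
  done
  issue_cert "$1" trusted alice
  issue_cert "$1" other bob
}

# precheck_cert <ca.pem> <client.pem>: print the subject DN when the
# certificate's signature chains to the CA; print nothing and return 1 otherwise.
precheck_cert() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
  openssl x509 -in "$2" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_demo_pki "$demo_dir"
for c in alice bob; do
  if dn=$(precheck_cert "$demo_dir/trusted-ca.pem" "$demo_dir/$c.pem"); then
    echo "$c.pem: chains to the configured CA, subject DN: $dn"
  else
    echo "$c.pem: fails the trusted-CA check"
  fi
done
```

In practice, point `precheck_cert` at an exported copy of the CA certificate configured in iLO 2 and at the user's certificate file.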

Using two-factor authentication with directory authentication

In some cases, configuring two-factor authentication with directory authentication is complicated. iLO 2 can use HP Extended schema or Default Directory schema to integrate with directory services. To ensure security when two-factor authentication is enforced, iLO 2 uses an attribute from the client certificate as
