The Orchestrator Authentication option allows you to set the authentication modes for both the Operator and Enterprise Users. You can also view the existing API tokens.

In the Operator portal, click Orchestrator Authentication, and then select the authentication modes from the drop-down menu for Operator and Enterprise users.

The following are the authentication modes available. Only an Operator User can enable the Native and RADIUS modes for both Operator and Enterprise authentication. Any Operator user with super user permission can set up and configure the SSO mode.

  • Native – The default authentication mode of the SD-WAN Orchestrator. This mode does not require any configuration.
  • RADIUS – Remote Authentication Dial-In User Service (RADIUS) is a client-server protocol that enables remote access servers to communicate with a central server. RADIUS authentication provides a centralized management for users. For more information, see Configure RADIUS Authentication
  • SSO – Single Sign On (SSO) is a session and user authentication service that allows the Operator Users to log into the Orchestrator with one set of login credentials to access multiple applications. For more information, see Configure Operator Single Sign On.

API Tokens

You can access the Orchestrator APIs using token-based authentication, irrespective of the authentication mode. Operator Administrators with right permissions can view the API tokens issued to Orchestrator users, including tokens issued to the Partner and Customer users, in this section. If required, an Operator Administrator can revoke the API tokens.

By default, the API Tokens are activated. If you want to deactivate them, go to System Properties in the Operator portal, and set the value of system property session.options.enableApiTokenAuth as False.

Only the Operator Super User or the User associated with an API token can revoke the token. Select the token and click Actions > Revoke. As an Operator Super User, you can manage the API tokens for enterprise users. To create and download the API tokens, see API tokens.