- Onboarding Authentication Providers
- Onboarding Devices: Token-Based Authentication
- Subscribing to CloudVision as-a-Service updates
Onboarding Authentication Providers
Once the CloudVision as-a-Service instance is set up, use the following procedure to add a preferred authentication provider.
To add a preferred authentication provider:
- Navigate to Settings using the gear icon.Verify under the Features section OAuth Providers is toggled on.
- Navigate to Access Control and then Providers. To add a new authentication provider, click the 'Add Provider' button.
- Select a provider that your organization uses.
Note that currently Google and Microsoft are supported as a Shared Providers. Shared Providers use an Arista-provided set of credentials so no other information is required from the customer for the onboarding.
Other providers are currently supported as non-shared providers. Additional required form fields will appear upon selecting these providers. These fields will need to be filled out with credentials specific to your account with that provider.
- Saving the provider will send a registration request to the CloudVision Service backend along with the related information.
- Once the authentication provider is set up, make sure to add the admin email address and verify the login process before the Invitation URL expires. To add a user account navigate to Users and then the Add Userscreen.
Onboarding Devices: Token-Based Authentication
To onboard the devices using token-based authentication.
- To onboard the devices navigate to Devices and then Inventory and thenAdd Devicesand thenOnboard Devices.
- Details on how to create a token, and using that token to onboard the devices are listed under the Onboard Devices. Please follow the directions to create a token and onboard your devices to CloudVision Service.
Note: You can use the same token to onboard multiple devices. CloudVision Service will use the device serial number to identify a device.
- Once you successfully onboard the devices you should be able to see them under the Devices tab.
- Click on the wrench icon (#) to provision the device. This will take you to the device-specific page. Select the. Device Overview tab and then select Provision Device to provision the device in CloudVision Service.
Note: Prior to Provision Device make sure the user account exists in the EOS device. For example:Assuming email@example.com is the email address used for OAuth authentication you need to have john.smith as a user (for Arista Demo you will need to use
firstname.lastname@example.org): sw(config)#username john.smith privilege 15 <nopassword/secret>
If you have TACACS+ configured for authentication, in order for CloudVision as-a-Service to properly provision the device, the exact user account should already exist in the TACACS+ Server.
If you have a Radius server for EOS authentication, you need to add the
--disableaaaargument into the TerminaAttr config.
For additional information on migrating an EOS device with a TACACS+/Radius authentication to the CloudVision Service, please refer to Authentication Prerequisites.
Subscribing to CloudVision as-a-Service updates
You can monitor CloudVision Service live status through https://status.arista.io . You can also subscribe to CloudVision Service notification via email/text using Subscribe to CloudVision.