Onboarding for End Users – with YubiKey (HOTP programmable token)

YubiKeys are programmable tokens, powered by Yubico, which can be configured to use HMAC-based One-time Passwords (HOTP) for multi-factor authentication. HOTP is an alternative to Time-based One-time Passwords (TOTP). Note that the most used TOTP solutions are authentication applications (for example, Google Authenticator) or programmable tokens (for example, Token2).

UserLock configures YubiKey in an efficient manner uniquely on the server side, thus avoiding any client-based configuration. To authenticate with YubiKey, users simply tap their security key. This touch-activated YubiKey automatically enters a pre-determined authentication code, thus avoiding the possibility of the end user entering an invalid code.

Since end users may already use YubiKey for other purposes (web authentication, personal use, etc.), adding MFA functionality requires the configuration of an available slot for the device. Pressing the device with a short touch, or a longer touch of 3 seconds, will determine which of the two programmable slots will be activated. In such cases, the user is already familiar with the operational features of the YubiKey device.

A video presenting YubiKey and UserLock is available here.

For more details and references on YubiKey, see the “About YubiKey” section at the end of this document.

Users require a YubiKey with HOTP support such as YubiKey 5 NFC or the whole YubiKey 5 Series. This device must be inserted into a USB port of their computer during the connection.

To enroll in MFA with YubiKey, users will have to connect directly (and not via RDP) to a computer for the Desktop UserLock agent to detect the YubiKey (unless USB redirection is supported, in which case it is possible to remotely configure your YubiKey). Subsequent connections will allow RDP connections with the YubiKey plugged into the USB port of the client computer.

To enable two-factor authentication with UserLock and YubiKey

Once MFA is activated for a user account (configure the MFA frequency you need), this user may need help logging in for the first time with UserLock and YubiKey.

The user plugs the YubiKey into the USB port of their computer (do not connect via RDP for this first connection, as explained in the "Requirements" section).

The UserLock desktop agent automatically detects that a YubiKey is connected and therefore asks the user if it is the preferred method to configure multi-factor authentication (otherwise the TOTP dialog box will be displayed).

If the user chooses "Yes", a dialog box appears, showing the available YubiKey slot. Choose the slot, then click "Link Yubikey".

Next, the Desktop UserLock agent programs the YubiKey using the MFA secret (without displaying it), then updates the Link YubiKey button to confirm that the operation succeeded.

The cursor appears in the edit box of the authentication code and the user can touch the YubiKey depending on the selected slot. Generally, a short touch will activate Slot 1 or a long touch will activate Slot 2.

As a result, the edit box will display the associated 6-digit code and automatically close the dialog box, indicating that the verification operation succeeded.
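The page describes HOTP as a counter-based alternative to TOTP that yields a 6-digit code on each touch. The following added example (not UserLock's or Yubico's code) shows how such a code is derived under RFC 4226 and how a verifier can tolerate touches that advanced the token's counter without a login; the function names, the look-ahead value of 5 and the use of the RFC's published test secret are assumptions made for illustration.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks the offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, server_counter: int,
           look_ahead: int = 5):
    """Check a code against counters server_counter..server_counter+look_ahead.

    Returns the next counter value to store on success, None on failure.
    The window absorbs touches that emitted a code which was never submitted.
    look_ahead=5 is an assumed value, not a UserLock setting.
    """
    for c in range(server_counter, server_counter + look_ahead + 1):
        expected = hotp(secret, c).encode()
        if hmac.compare_digest(expected, submitted.encode()):
            return c + 1  # storing c + 1 makes every accepted code single-use
    return None


# RFC 4226 Appendix D test secret, used here as constructed sample input.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    stored = 0
    code = hotp(SECRET, 2)            # token was touched twice without a login
    stored = verify(SECRET, code, stored)
    print("accepted, next counter:", stored)
    print("replay result:", verify(SECRET, code, stored))
```

Unlike TOTP, nothing here depends on the clock: the only shared state is the secret and the counter, which is why the verifier must store the advanced counter after every successful check.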