Subscribe to PortalGuard's Quarterly Newsletter for News & Updates on the Latest Release! Click to Subscribe

PortalGuard Support For YubiKey®

Problem

You need to integrate your existing YubiKey® or recently purchased YubiKey® with PortalGuard for Two-Factor Authentication.

Solution

Integrate your specific YubiKey® within PortalGuard for 2FA

How to integrate YubiKey® within PortalGuard

  1. Purchase a YubiKey from Yubico
  2. Register for a Yubico API key using the YubiKey (link). You will receive a Client ID number and a Secret Key text string.
  3. In the PortalGuard Configuration Editor, click the “Edit Bootstrap” button.
  4. In the Bootstrap Configuration dialog, go to the “Services -> H/W Tokens -> YubiKey” tab:
    • Bootstrap Settings for Yubikey support
  5. Enter the client ID and secret key in the fields provided, then click the ‘Save’ button to commit the changes.
  6. Still in PG_Config.exe, edit the security policy for the users who should have YubiKey support.
  7. In the “Auth Methods -> Tokens” tab, ensure the Allow YubiKey Tokens checkbox is enabled. Click the Save button to commit any changes.
    • Yubikey Security Policy Config
  8. The user can now enroll a YubiKey from their PortalGuard Account Management page. The default URL for this is: http://<your.pg.server>/default.aspx(approve sites)
  9. Clicking the Add new YubiKey link displays a prompt for a descriptive name for the YubiKey and a field for an OTP from it.
    • Yubikey Account Management Enrollment
  10. The YubiKey API client ID and secret will be used to securely verify the provided YubiKey OTP against Yubico’s YubiCloud servers. The same client ID and secret can be used by multiple PortalGuard servers.
  11. If the OTP is valid, the YubiKey will be stored in the user’s PortalGuard profile and can be used to provide an OTP any time one is requested by PortalGuard.
  12. The user can remove/disassociate the YubiKey from their PortalGuard account at any time using the “Remove” link in the PortalGuard Account Management page.

Please note the following details regarding YubiKey registration:

  1. A YubiKey cannot be used for 2FA through PortalGuard until it has been associated with the user’s account
  2. A user can register multiple, unique YubiKeys
  3. The same YubiKey can be associated with different users

REV. 04/2018 | PortalGuard

  • 6
  • 03-Apr-2018
  • 279 Views