PortalGuard Support For YubiKey®
You need to integrate your existing YubiKey® or recently purchased YubiKey® with PortalGuard for Two-Factor Authentication.
Integrate your specific YubiKey® within PortalGuard for 2FA
How to integrate YubiKey® within PortalGuard
Enter the client ID and secret key in the fields provided, then click the ‘Save’ button to commit the changes.
Still in PG_Config.exe, edit the security policy for the users who should have YubiKey support.
In the “Auth Methods -> Tokens” tab, ensure the Allow YubiKey Tokens checkbox is enabled. Click the Save button to commit any changes.
The user can now enroll a YubiKey from their PortalGuard Account Management page. The default URL for this is: http://<your.pg.server>/default.aspx(approve sites)
Clicking the Add new YubiKey link displays a prompt for a descriptive name for the YubiKey and a field for an OTP from it.
The YubiKey API client ID and secret will be used to securely verify the provided YubiKey OTP against Yubico’s YubiCloud servers. The same client ID and secret can be used by multiple PortalGuard servers.
If the OTP is valid, the YubiKey will be stored in the user’s PortalGuard profile and can be used to provide an OTP any time one is requested by PortalGuard.
The user can remove/disassociate the YubiKey from their PortalGuard account at any time using the “Remove” link in the PortalGuard Account Management page.
- Purchase a YubiKey from Yubico
- Register for a Yubico API key using the YubiKey (link). You will receive a Client ID number and a Secret Key text string.
- In the PortalGuard Configuration Editor, click the “Edit Bootstrap” button.
- In the Bootstrap Configuration dialog, go to the “Services -> H/W Tokens -> YubiKey” tab:
Please note the following details regarding YubiKey registration:
- A YubiKey cannot be used for 2FA through PortalGuard until it has been associated with the user’s account
- A user can register multiple, unique YubiKeys
- The same YubiKey can be associated with different users
REV. 04/2018 | PortalGuard