At some point when logging in your computer you will be prompted with the following screen. You may select "Skip" but only for a limited amount of time. Before that time expires, you must enroll by selecting either "Authenticator App" or "USB Token."
Steps to enroll YubiKey for login.
-
The user plugs the YubiKey into the USB port of their computer.
-
The user logs in.
-
The UserLock desktop agent automatically detects that a YubiKey is connected and therefore asks the user if it is the preferred method to configure multi-factor authentication.
-
Choose "Yes", a dialog box appears, showing the available YubiKey slot. Choose an empty slot, then click "Link Yubikey":
-
Next, the Desktop UserLock agent programs the YubiKey using the MFA secret (without displaying it), then updates the Link YubiKey button to confirm that the operation succeeded:
-
The cursor appears in the edit box of the authentication code and the user can touch the YubiKey depending on the selected slot: Generally, a short touch will activate Slot 1 or a long touch will activate Slot 2.
As a result, the edit box will display the associated 6-digit code and automatically close the dialog box indicating that the verification operation succeeded.
Subsequent connections for two-factor authentication with UserLock and YubiKey
Following the initial connection in which the YubiKey configuration is included, subsequent connections where MFA is requested will occur as follows:
-
The user plugs the YubiKey into a USB port of their computer (the client computer if they are using RDP).
-
The user logs in.
-
The UserLock desktop agent requests the authentication code:
-
The user touches the YubiKey button depending on the slot chosen: Generally, a short touch will activate Slot 1 or a long touch will activate Slot 2.
The edit box will display the associated 6-digit code. In order to logon, The user clicks "Verify and continue".
Comments
0 comments
Please sign in to leave a comment.