
YubiKey Configuration

YubiKey is a hardware authentication device manufactured by Yubico that protects access to computers, networks, and online services and supports one-time passwords (OTP), public-key cryptography, and authentication. This software uses the second-factor authentication provided by a YubiKey configuration to verify users who log in with their physical hardware key.

Note

The software supports multiple MFA providers assigned to different users and groups for the purpose of system authentication as well as a default MFA provider.

Create a YubiKey Configuration

To configure integration with YubiKey, Administrators or Configuration Managers should perform the following steps:

  1. Register a new YubiKey API key by accessing the URL https://upgrade.yubico.com/getapikey/ and following the provided steps. You may also reuse an existing YubiKey API key if one is available.
  2. Navigate to Configuration > YubiKey and click the Add button.
  3. Click on a parameter name for details about it, or follow the guidance provided here:

    • Name: Enter a unique but recognizable name for this YubiKey configuration.
    • Client ID: This parameter defines the Client ID generated by the YubiKey API Key registration. The application uses this parameter to authenticate with Yubico servers.
    • Secret Key: This parameter defines the Secret Key generated by the YubiKey API Key registration. The application uses this parameter to authenticate with Yubico servers.
    • Servers: This is an optional parameter that defines a custom set of Yubico servers used for the configuration when recommended by Yubico. We recommend leaving this parameter empty to use the default set of Yubico servers.
    • Enabled: Enable this configuration.

Click the Save button to complete this configuration.
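How a Client ID and Secret Key of this kind are used in Yubico's published OTP validation protocol (version 2.0), shown as an added example that is not 12Port's own code: the request is signed with HMAC-SHA1, and the reply is trusted only if its signature, OTP and nonce all check out. The credentials, the OTP and the `fake_server_reply` helper are constructed so the example runs offline, and it is an assumption that 12Port follows this exact flow.

```python
import base64, hashlib, hmac, secrets

# Constructed sample values, not real credentials or a real OTP.
CLIENT_ID = "12345"
SECRET_KEY_B64 = base64.b64encode(b"constructed-demo-key").decode()
SAMPLE_OTP = "cccccccccccb" + "dfghijklnrtuvbcdefghijklnrtuvbcd"

def sign(params, secret_key_b64=SECRET_KEY_B64):
    """Base64 HMAC-SHA1 over sorted key=value pairs joined by '&' (h excluded)."""
    message = "&".join(f"{k}={params[k]}" for k in sorted(params) if k != "h")
    key = base64.b64decode(secret_key_b64)
    digest = hmac.new(key, message.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def build_request(otp, client_id=CLIENT_ID):
    """Signed query parameters for a verify call; the nonce is fresh per request."""
    params = {"id": client_id, "otp": otp, "nonce": secrets.token_hex(16)}
    params["h"] = sign(params)
    return params

def check_response(request, body):
    """Trust status only if the reply is signed and echoes our otp and nonce."""
    resp = dict(line.split("=", 1) for line in body.split() if "=" in line)
    if not hmac.compare_digest(resp.get("h", ""), sign(resp)):
        return "RESPONSE_SIGNATURE_INVALID"
    if resp.get("otp") != request["otp"] or resp.get("nonce") != request["nonce"]:
        return "RESPONSE_MISMATCH"
    return resp.get("status", "MISSING_STATUS")

def fake_server_reply(request, status):
    """Constructed stand-in for the validation server so this runs offline."""
    fields = {"otp": request["otp"], "nonce": request["nonce"],
              "t": "2024-01-01T00:00:00Z0001", "status": status}
    fields["h"] = sign(fields)
    return "\r\n".join(f"{k}={v}" for k, v in fields.items())

if __name__ == "__main__":
    req = build_request(SAMPLE_OTP)
    print(check_response(req, fake_server_reply(req, "OK")))
    forged = fake_server_reply(req, "REPLAYED_OTP").replace("REPLAYED_OTP", "OK")
    print(check_response(req, forged))
```

Because the Secret Key both signs requests and authenticates replies, anyone who obtains it can forge an `OK` response, so it should be stored and handled like any other credential.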

How YubiKey Works

After this YubiKey configuration has been assigned to users or groups, or set as the default MFA provider, the affected users will need to use their hardware YubiKey as their second factor for authentication.

Here is how the login process occurs from the user's perspective:

  1. The user opens their browser to the tenant's login page and enters their credentials. They click the Login button to advance.
  2. They are automatically directed to a second-factor authentication page. On this YubiKey Code page, they place the mouse cursor in the Code field and tap their YubiKey device to populate the HOTP code. Note that this operation automatically registers the YubiKey with 12Port during the first login.
  3. Once a valid code is supplied, the user is automatically authenticated into 12Port. If this does not happen automatically, they click the Login button to submit the code manually.

    YubiKey Second Factor Code Prompt

Note

To reset a user's existing YubiKey registration, an Administrator can open the Reports > Users report, locate the user, and from the Actions menu select the option Reset YubiKey. Afterwards, this user's next login will automatically re-register their key with 12Port.