Setting Up Embedded YubiKey Authentication


(Version 7+)

This is a quick guide to setting up Embedded YubiKey Authenticator with Pleasant Password Server.

Before you begin, make sure you:

  • have a YubiKey USB device plugged in and within reach; and
  • install any YubiKey software that came with the device.

 

IMPORTANT NOTE: Remember which of your YubiKey's two configuration slots you are using with Password Server. Using the wrong slot will cause errors.

A. [Optional] Create a policy to use Two-Factor Authentication. For more detailed information and other methods of applying policies, see: User Policies

1. Select Users & Roles > Manage Policies.

2. Create a new Policy and set the applicable fields and flags.

IMPORTANT NOTE: Setting Two Factor as Required will prevent the user from logging in without Two Factor Authentication when the Policy is applied to them. Thus make sure to complete Step B.

4. Click Save and refresh.

5. Within the "Manage Policies" window you should now see the policy you just created.

B. Set Policy to use two factor authentication (YubiKey Embedded Server)

1. Select the policy you created in step (A) or another policy you want to alter. Click the policy name, not the [Edit] link.

2. Under the "Two Factor Policy" menu you should see "Configurations". Under Provider there should be a row for "YubiKey Embedded Server" (it should be shown as disabled). On the right of the row, select [Configure]:

Two Factor Embedded Menu.png

5. Click the Enabled checkbox.

6. You can also allow the user to disable the provider.

7. Because this policy option needs individually configured data for each user, these are the only global policy settings you can configure. Click Save.

Two Factor Embedded Global.PNG

8. Navigate to the user you would like to set up two factor authentication for via the "Users & Roles -> Manage Users" menu.

9. You will need to enter the YubiKey information so that the key can be authenticated.

- Key Identity : enter this by pressing the generate button on the YubiKey, or type it in manually

- Internal ID : obtained from the YubiKey software when writing to a YubiKey device

- Encryption Key : obtained from the YubiKey software when writing to a YubiKey device

NOTE: Some of the information above is obtained from a CSV file that is generated when programming the YubiKey. This is outside the scope of this guide, but the free software can be obtained via https://www.yubico.com/support/downloads/

10. The device used in this example was programmed via Yubico OTP and a CSV was generated with the following info [yours will be different, and this information will not work for your configuration]:

Yubico CSV.PNG

11. The Key Identity is the first string of random characters on the second line of the CSV (starting with "vvni..."), the Internal ID is the next string of characters (starting with "85b..."), and the Encryption Key is the string after that (starting with "3a18..."). The strings you generate will have different characters but will be presented in the same order.

12. These strings of characters can simply be copied and pasted into the applicable fields in the user's YubiKey Embedded Server Configuration page. Click Save when complete:

YubiKey Embedded Config.PNG
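
The field order from steps 10 to 12, as an added example that is not part of the original guide or of Pleasant Password Server: it reads the second CSV line, checks that the three values have the shape Yubico OTP uses, and prints the secrets only in redacted form, which catches values pasted into the wrong field. The function names, the sample header line and the leading columns are assumptions; the sample values are constructed.

```python
import csv
import io
import re

# Yubico OTP sizes: the public identity is modhex (alphabet below), the
# private identity is 6 bytes (12 hex digits), the AES-128 key 16 bytes (32).
MODHEX_ID = re.compile(r"(?:[cbdefghijklnrtuv]{2}){1,16}")
INTERNAL_ID = re.compile(r"[0-9a-fA-F]{12}")
AES_KEY = re.compile(r"[0-9a-fA-F]{32}")

# Constructed sample. The first line and the leading columns of a real
# export are assumptions here; only the field order comes from the guide.
SAMPLE_CSV = (
    "configuration,timestamp,key identity,internal id,encryption key\n"
    "Yubico OTP,2024-01-01 10:00,vvccccbbddee,0123456789ab,"
    "00112233445566778899aabbccddeeff\n"
)


def extract_yubikey_fields(csv_text):
    """Pull Key Identity, Internal ID and Encryption Key from line two."""
    rows = [row for row in csv.reader(io.StringIO(csv_text)) if row]
    if len(rows) < 2:
        raise ValueError("expected at least two CSV lines")
    cells = [cell.strip() for cell in rows[1]]
    # The guide gives the order (identity, internal ID, key) but not the
    # column numbers, so take the first run of three cells that fits.
    for i in range(len(cells) - 2):
        identity, internal, key = cells[i:i + 3]
        if (MODHEX_ID.fullmatch(identity) and INTERNAL_ID.fullmatch(internal)
                and AES_KEY.fullmatch(key)):
            return {"key_identity": identity,
                    "internal_id": internal.lower(),
                    "encryption_key": key.lower()}
    raise ValueError("no identity / internal ID / key triple on line two")


def redact(fields):
    """Copy of the fields for display: internal ID and key are secrets."""
    shown = dict(fields)
    for name in ("internal_id", "encryption_key"):
        shown[name] = fields[name][:4] + "..."
    return shown


if __name__ == "__main__":
    print(redact(extract_yubikey_fields(SAMPLE_CSV)))
```
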

C. Authenticating via YubiKey

1. Log in as the user you configured Two Factor Authentication for.

2. After you enter the user name and password you will be presented with another verification page:

YubiKey Auth.PNG

3. You can select the "Token" text box and press the YubiKey's generation button, and the key will be inserted.

D. Choosing Your Two Factor Authenticator

1. In the event that more than one two factor method is enabled for a given User/Role, you will be prompted to select one of them to verify your login.

Two Factor Choices.PNG

2. Whichever is chosen, a successful verification will direct the user to the main Pleasant Password Server page.
