PortalGuard Support For YubiKey®

Problem

You need to integrate your existing YubiKey® or recently purchased YubiKey® with PortalGuard for Two-Factor Authentication.

Solution

Integrate your YubiKey® with PortalGuard for 2FA by following the steps below.

  1. Purchase a YubiKey from Yubico.

  2. Register for a Yubico API key using the YubiKey (link). You will receive a Client ID number and a Secret Key text string.

  3. In the PortalGuard Configuration Editor, click the “Edit Bootstrap” button.

  4. In the Bootstrap Configuration dialog, go to the “Services -> H/W Tokens -> YubiKey” tab.

  5. Enter the client ID and secret key in the fields provided, then click the ‘Save’ button to commit the changes.

  6. Still in PG_Config.exe, edit the security policy for the users who should have YubiKey support.

  7. In the “Authentication Methods” → “Tokens” → “Modern” tab, ensure the “Allow YubiKey™ Tokens” checkbox is enabled. Click the Save button to commit any changes.

  8. The user can now enroll a YubiKey from their PortalGuard Account Management page. The default URL for this is: http://<your.pg.server>/default.aspx

  9. Clicking the Add new YubiKey link displays a prompt for a descriptive name for the YubiKey and a field for an OTP from it.

  10. The YubiKey API client ID and secret will be used to securely verify the provided YubiKey OTP against Yubico’s YubiCloud servers. The same client ID and secret can be used by multiple PortalGuard servers.

  11. If the OTP is valid, the YubiKey will be stored in the user’s PortalGuard profile and can be used to provide an OTP any time one is requested by PortalGuard.

  12. The user can remove/disassociate the YubiKey from their PortalGuard account at any time using the “Remove” link in the PortalGuard Account Management page.
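To show what the client ID and secret key from steps 2, 5 and 10 are actually used for, here is an added example (not PortalGuard's own code) of the YubiCloud verify exchange: extracting the OTP's public ID, signing the verify request with the secret key, and checking the signed response before accepting the OTP. The client ID, secret key, OTP and nonce values are constructed for the example; the assumption that an enrolled key is identified by the OTP's public ID prefix is ours, since the page does not describe PortalGuard's storage format.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlencode

# Constructed test-only credentials (the page supplies none); not real Yubico values.
CLIENT_ID = "12345"
SECRET_KEY_B64 = base64.b64encode(b"0123456789abcdef0123").decode()
MODHEX = set("cbdefghijklnrtuv")


def otp_public_id(otp: str) -> str:
    """Return the public ID prefix of a YubiKey OTP, or raise ValueError.
    An OTP is 32-48 modhex characters; the last 32 are the AES-encrypted
    token and everything before them identifies the key being enrolled."""
    otp = otp.strip().lower()
    if not 32 <= len(otp) <= 48 or any(c not in MODHEX for c in otp):
        raise ValueError("not a YubiKey OTP")
    return otp[:-32]


def sign_params(params: dict, secret_key_b64: str) -> str:
    """YubiCloud signature: HMAC-SHA1 over 'k=v' pairs sorted by key and
    joined with '&', keyed with the base64-decoded API secret key."""
    key = base64.b64decode(secret_key_b64)
    msg = "&".join(f"{k}={params[k]}" for k in sorted(params))
    return base64.b64encode(hmac.new(key, msg.encode(), hashlib.sha1).digest()).decode()


def build_verify_query(client_id: str, secret_key_b64: str, otp: str, nonce: str) -> str:
    """Signed query string for GET https://api.yubico.com/wsapi/2.0/verify."""
    params = {"id": client_id, "otp": otp, "nonce": nonce}
    params["h"] = sign_params(params, secret_key_b64)
    return urlencode(params)


def check_verify_response(body: str, secret_key_b64: str, otp: str, nonce: str) -> bool:
    """Accept the OTP only if the response signature verifies under the secret key,
    the response echoes the OTP and nonce we sent, and the status is OK."""
    fields = dict(line.split("=", 1) for line in body.strip().splitlines() if "=" in line)
    claimed = fields.pop("h", "")
    expected = sign_params(fields, secret_key_b64)
    return (hmac.compare_digest(claimed, expected)
            and fields.get("otp") == otp
            and fields.get("nonce") == nonce
            and fields.get("status") == "OK")
```

A server that skips the signature and nonce checks would accept any response claiming `status=OK`, which is why both the request and the response carry the HMAC.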

NOTE: A few details regarding YubiKey registration:

  1. A YubiKey cannot be used for 2FA through PortalGuard until it has been associated with the user’s account.

  2. A user can register multiple, unique YubiKeys.

  3. The same YubiKey can be associated with different users.