Using Token2 FIDO2 Security Keys for YubiOn FIDO Logon

Microsoft allows the use of FIDO2 security keys to log on to Windows 10/11 devices that are Hybrid Azure AD (Microsoft Entra ID) joined, providing Single Sign-On (SSO) to both cloud and on-premises resources. However, in certain situations this solution may not function properly, and an alternative approach is needed. This guide shows how to use Token2 Security Keys with one such alternative, YubiOn FIDO Logon.


YubiOn FIDO Logon is a solution that enhances PC logon with two-factor authentication using FIDO. It is an endpoint security product that combines security and convenience: FIDO authentication improves the user experience, and a browser-based management console provides integrated management of users, PCs, and authentication information. It can be installed with a simple setup to strengthen the logon security of PC terminals.



In this guide, we will show how to use Token2 security keys for the YubiOn FIDO Logon Service.

Requirements:

• A YubiOn FIDO Logon web management site profile
• Windows 10/11 as a Client
• A Token2 FIDO security key

Customer Registration

1) Register as a customer on the registration page. The license is registered as a free license at the time of service registration. All paid features are available free of charge for the first 3 months after registration.

2) Log in to your web management profile.



3) Navigate to "Authentication Service" and click on "Download".



4) Download the installer and install the software on your client PC. Activate it with the registration code from the page with the installer.



5) After activation, this PC will appear on the "PC Management" page of web management, and you will be able to assign policies to it.



Introduction to the management functions of YubiOn FIDO Logon

1) Policy functions. Navigate to "Authentication Service" and click on "Group Policy". Here you can apply operation settings to all PCs at once.



• Cache logon expiration: can be used while offline.
• Limited sign-in options: limited to YubiOn FIDO Logon.
• Allow password logon: password logon permission.
• Authentication failure lockout: cannot log on when authentication fails.

2) Emergency logon.



With this function, you can log on with your Windows password when you temporarily do not have an authenticator (FIDO key), for example when you lose the FIDO key.

Register your FIDO key.

1) From Web Management. Registration is done by the administrator.
Navigate to "Authentication Service" and click on "Account".




Click on the key icon in the "Authenticator" column.




The "Credential List" popup window will appear. Insert the Token2 security key and click the plus ("+") sign on the right side to add a FIDO key.

YubiOn FIDO Logon will start to identify the inserted security key. If you have set up a PIN code on it, you will be prompted to type it. Otherwise, you will have to set up a new PIN.



Then you will be prompted to press the button on the security key to complete registration. Note: Security keys differ in the exact instructions to activate them. Your key may require a tap or button press to activate registration.




Give a friendly name (or leave the default) and click "Update".




A new FIDO key will appear in the "Credential List" table and will be ready to use for authentication.

2) From the FIDO Logon Setting tool on the client PC. Open the application and navigate to "Authentication settings". Insert the Token2 security key and click the "Register" button.




The app will start to identify the inserted security key. Please note that with this method of registration, the PIN must already be set on the key beforehand. Otherwise, the registration will be unsuccessful.




Enter the PIN and press the button on the security key.
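Because registration from the client tool fails on a key without a PIN, it helps to know how a key reports its PIN state. In CTAP2, the authenticatorGetInfo response carries a "clientPin" option: true means a PIN is set, false means PINs are supported but none is set, and an absent option means the key has no PIN support. The following is an added example, not part of YubiOn's or Token2's software; the function names are hypothetical and the sample response bytes (including the all-zero AAGUID) are constructed for illustration.

```python
# Added example; the sample bytes are constructed, not captured from a real key.

def _head(buf, i):
    """Decode one CBOR head at buf[i]: (major type, argument, next index)."""
    major, info = buf[i] >> 5, buf[i] & 0x1F
    if info < 24:
        return major, info, i + 1
    if info > 27:
        raise ValueError("unsupported CBOR length encoding")
    size = 1 << (info - 24)            # 24..27 -> 1, 2, 4 or 8 argument bytes
    return major, int.from_bytes(buf[i + 1:i + 1 + size], "big"), i + 1 + size

def _decode(buf, i=0):
    """Decode the CBOR subset used by getInfo: (value, next index)."""
    first = buf[i]
    if first in (0xF4, 0xF5):          # simple values false / true
        return first == 0xF5, i + 1
    major, arg, i = _head(buf, i)
    if major == 0:                     # unsigned integer
        return arg, i
    if major in (2, 3):                # byte string / text string
        raw = bytes(buf[i:i + arg])
        return (raw if major == 2 else raw.decode("utf-8")), i + arg
    if major in (4, 5):                # array: arg items; map: arg key/value pairs
        flat = []
        for _ in range(arg * (major - 3)):
            item, i = _decode(buf, i)
            flat.append(item)
        return (flat if major == 4 else dict(zip(flat[::2], flat[1::2]))), i
    raise ValueError(f"unsupported CBOR major type {major}")

def pin_state(response):
    """Classify a raw authenticatorGetInfo response (status byte + CBOR map)."""
    if not response or response[0] != 0x00:
        raise ValueError("getInfo did not return CTAP2_OK")
    info, _ = _decode(response, 1)
    options = info.get(0x04, {})       # getInfo member 0x04 is the options map
    if "clientPin" not in options:
        return "unsupported"           # key has no PIN capability
    return "set" if options["clientPin"] else "not set"

def sample_get_info(client_pin):
    """Constructed response: versions, all-zero placeholder AAGUID, options."""
    return (b"\x00\xa3\x01\x81\x68FIDO_2_0"          # OK, map(3), versions
            b"\x03\x50" + bytes(16) +                # aaguid, 16 zero bytes
            b"\x04\xa2\x62rk\xf5\x69clientPin" +     # options: rk, clientPin
            (b"\xf5" if client_pin else b"\xf4"))
```

A key that reports "not set" needs a PIN configured before it is registered through the client tool, or it can be registered from Web Management, which prompts for a new PIN.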




Logging on to Windows with the configured FIDO key.

Restart your PC. After that, you will see the logon screen as below. Insert the FIDO key and click "Start authentication".




Enter the PIN and touch the security key to continue.




Now you can successfully log in to your user account.