Portal Guard Support For Yubi Key®
PortalGuard Support for YubiKey
You have an installation of PortalGuard / are considering purchasing PortalGuard and are wondering if PortalGuard will support your Yubico YubiKeys
PortalGuard does offer support for your YubiKeys. Outlined below are steps to follow to have PortalGuard begin functioning with your YubiKeys.
1) Purchase a YubiKey from Yubico
2) Register for a Yubico API key using the YubiKey (link). You will receive a Client ID number and a Secret Key text string.
3) In the PortalGuard Configuration Editor, click the “Edit Bootstrap” button.
4) In the Bootstrap Configuration dialog, go to the “Services -> H/W Tokens -> YubiKey” tab:
5) Enter the client ID and secret key in the fields provided, then click the ‘Save’ button to commit the changes.
6) Still in PG_Config.exe, edit the security policy for the users who should have YubiKey support.
7) In the “Auth Methods -> Tokens” tab, ensure the Allow YubiKey Tokens checkbox is enabled. Click the Save button to commit any changes.
8) The user can now enroll a YubiKey from their PortalGuard Account Management page. The default URL for this is: http://<your.pg.server>/default.aspx(approve sites)
Clicking the Add new YubiKey link displays a prompt for a descriptive name for the YubiKey and a field for an OTP from it.
10) The YubiKey API client ID and secret will be used to securely verify the provided YubiKey OTP against Yubico’s YubiCloud servers. The same client ID and secret can be used by multiple PortalGuard servers.
11) If the OTP is valid, the YubiKey will be stored in the user’s PortalGuard profile and can be used to provide an OTP any time one is requested by PortalGuard.
12) The user can remove/disassociate the YubiKey from their PortalGuard account at any time using the “Remove” link in the PortalGuard Account Management page.
Please note the following details regarding YubiKey registration:
• A YubiKey cannot be used for 2FA through PortalGuard until it has been associated with the user’s account
• A user can register multiple, unique YubiKeys
• The same YubiKey can be associated with different users