We want to introduce a case study in which an information and communications company introduced YubiOn MacLogin Standalone, an endpoint security product. This company uses macOS machines in a closed network that cannot normally connect to the outside network and was looking for a product that could strengthen the login security of these PCs. This time, the point is to strengthen the login security of macOS machines that can be used in a closed network.
Introduced Organization
Information and communication company Deployment scale:
About 100 macOS machines are used in a closed network.
Introduces products:
YubiOn MacLogin Standalone (Intel / Apple Silicon chip compatible) Enhanced security with two-factor authentication for PC login.
YubiKey 5C Arrange authentication device YubiKey 5 for each machine user. USB type C is used. ※ When using this software, YubiKey settings are required, so please purchase it as a set with the software.
Issues
Customers sometimes handle personal information, so they use macOS machines in a closed network not connected to external networks. Initially, that had strengthened their security with a third-party product, but since that product no longer supports macOS, it became necessary to consider an alternative system. The product that had already been introduced was a two-factor authentication system that could operate in a closed network, and the screen was locked when the external authentication device was pulled out. They searched for a product that can handle changes to the macOS chipset and OS version upgrades, but it was hard to find such an endpoint security product, so they finally arrived at YubiOn's product.
As a challenge this time, when replacing the authentication product, it was necessary to satisfy two points: "two-factor authentication for macOS machines that operate in a closed network" and "screen lock can be applied by pulling out the authentication device".
Solution
The two-factor authentication requirement for macOS machines operating in a closed network was resolved by introducing the endpoint security product "YubiOn Maclogin Standalone" and by arranging for the authentication device "YubiKey" to be used for two-factor authentication.
YubiOn MacLogin Standalone allows you to use two-factor authentication with a simple setup of installing the software on your macOS machine and assigning the authentication device YubiKey to your account. Also, since it is a product that does not require a network connection, it can be used in a closed network (on-premise). By enabling the "screen clock" function of this software, it is possible to lock the screen when the authentication device is pulled out from the USB port.
After setting up the software, the operation at login will be changed as follows.
First, confirm the authentication* by Yubikey inserted in the USB port, and then authenticate the account password to enable login by two-factor authentication. By adopting two-factor authentication, which has higher security strength than single authentication with a password, you can log in more securely. The authentication operation is as simple as inserting the YubiKey and entering the password, so you can strengthen authentication without compromising the user experience.
* Authentication uses the challenge-response function of the YubiKey 5 series or later.
Since YubiKey settings are required to use this software, please contact us when purchasing a YubiKey.
The requirement to lock the screen when the authentication device is pulled out was met by activating the "screen lock" function of this product.
This screen lock function has the effect of preventing prying eyes, so you can leave your seat with peace of mind.
Introduction of YubiKey
As we are Yubico's domestic authorized distributor, we can provide a YubiKey that fits your USB port. Please contact us if you want to purchase this product.
Finally
By installing YubiOn MacLogin Standalone, you can easily implement two-factor authentication for macOS terminals. In addition, since the CPUs of recent macOS terminals have shifted from Intel to Apple Silicon (ARM), many customers may be worried that their security software is not compatible with the CPUs. This product is compatible with Apple Silicon, so you can use it with peace of mind. Information on the products and authentication devices introduced in this issue is summarized below. Please feel free to contact us for further information.
YubiOn MacLogin Standalone
For product details, please refer to the product detail page. This product supports the Apple Silicon series chipset and future version upgrades.
YubiKey purchase notes
When using this software, YubiKey settings are required, so please purchase it as a set with this software.