top of page
Blog article

Blog article

Simulation of YubiOn Portal Installation: A Guide

In recent years, the term “two-factor authentication” has become significantly more widespread due to the increased awareness and need for more robust security. Previously, Softgiken has launched various products that utilize two-factor authentication to enhance the security during the PC log-in process. In line with this, Softgiken has created a new product, the YubiOn Portal.


This article will discuss commonly asked questions regarding the installation and usage of the YubiOn Portal in various environments.

This article is recommended for:

​・SE considering security measures for company PCs

・Those looking to learn more about the YubiOn Portal

Contents

Introduction of the YubiOn Portal

Pre-requisites for installation

Setting up the Portal

Guide to complete installation

Troubleshooting

Conclusion

Introduction of the YubiOn Portal

YubiOn Portal is a two-factor authentication service developed and provided by Soft Giken Co., Ltd. that enforces two-factor authentication on the company’s PCs using one-time passwords obtained from an authentication device known as YubiKey and standard password input. Further, the portal allows the administrator to manage each PC's logins and log in to services like Google and Microsoft 365 through SSO. Also, YubiOn does not require a new in-house server.


※YubiKey is an authentication device by YubiCo. YubiOn is compatible with series five or onwards. If settings for the YubiKey have been customized, they cannot be supported by the system.


Pre-requisites for installation

YubiOn provides a free trial period, allowing you to enjoy the YubiOn experience without feeling tied down.


To know more about the operating environment, please visit this page.


To use YubiOn, one must own a YubiKey of series five or onwards. If, for some reason, one cannot purchase one, please contact us so we can arrange it, as we also lend them to clients at no additional cost.

Setting up the Portal

To understand the YubiOn Portal, consider the following use case for a fictional company.

Background


  • Currently, all company computers are protected only by standard passwords.

  • Following Active Directory policies, passwords are changed periodically.

  • As the company shifts to remote work wherein company computers will be leaving the office premises, two-factor authentication has now been made mandatory.

Goals

  • To introduce two-factor authentication to all company computers

Environment

  • There are approximately 100 employees who require one company computer each for remote work.

  • Apart from the head office, there are multiple other offices wherein company computers are being shared.

  • The company has various administrators.

  • The company does not yet own YubiKeys.

1. Sign up for the free trial version of the YubiOn Portal 


2. Enter the required information for registration

The information entered at this time should be the information of the administrator or “person in charge.” This information can be changed after registration.


This administrator will also have access to the management site.



3. Register and link the appropriate YubiKey

If the YubiKey is not yet available, click on the “Suspend setting and check customer information” link at the bottom right of the screen.


Once the Customer Information screen is displayed, the information entered during registration can be viewed.


【Tips】

  • The free version only allows registration of up to 3 members, YubiKeys, and PCs.

  • It also restricts the settings such as those that make two-factor authentication mandatory.

  • Refer to the version functionality comparison chart for more details.


4. Obtain a YubiKey

YubiKey is available for rent through SoftGiken. Please contact us for more details

This use case will explore the paid version of YubiOn, which has access to all features wherein the company is looking to verify the licenses for ten devices.



5. Registering the YubiKey

Upon receipt of the YubiKey shipped by Soft Giken, register it on the management website. Now, insert the YubiKey into your PC's USB port and touch it with your finger for the generation of the OTP.

【Tips】

At this point, the YubiKey will be recognized as a keyboard device.

However, the client software can be downloaded to complete verification on another PC.


Also, in the paid version, one can see that, as entered before, the total number of licenses that can be verified is ten.


6. Install the client software on the verification PC

Log in to the management website again through the verification PC and open the download screen.


Download the client software installer and start the installation.


The runtime requirements for the client software operation will also be installed, so proceed according to the instructions.


When the installation is completed, the setting tool will start, and at that time, communication with the server will be performed, and the information of the PC will be registered.


Enter the email address and password registered on the management website and the YubiKey OTP.


The PC information will be registered in the YubiOn Portal if the authentication is successful.


Registration of more PCs and YubiKeys can be done through the settings tool and, once completed, can be viewed from the website.


7. Logging in to the portal

Lock the verification PC. Then, select the YubiOn Portal login method that has been added to the sign-in options while logging on.


Here, one will be prompted for password entry. Enter the password, then plug the YubiKey in. Once plugged in, touch the YubiKey to generate and enter the OTP to be logged in automatically.


8. Making two-factor authentication mandatory

Through this setting, one can select single sign-on or two-factor authentication as the default option.


Navigate to the Service Settings screen of the Web management section and set the group policy.


As the registered PCs are automatically assigned to the default policy, creating a new group policy is required.


In the example below, a group policy has been created which enforces the usage of a YubiKey.


Now, assign this group policy to the current PC used to sign in. However, immediately after the assignment, the change will not yet be reflected; the current PC will still reflect the previous default policy.


9. Confirming that two-factor authentication is mandatory

As the PC communicates with the server while it is either locked or restarted, lock the PC to allow it to communicate with the server so the changes are updated. Upon starting the computer, the sign-in page will not display the single sign-on option but instead the YubiOn Portal.


Now, enter the password and the YubiKey OTP to successfully log in while logging in. As the login required both the password and YubiKey OTP, it is clear that the two-factor authentication has been successfully enabled and set as mandatory.


Guide to Complete Installation

This section will now cover the steps needed to completely set up YubiOn Portal, as well as how to introduce it to the company environment.

Again, consider the same company from the previous section.

Background

  • Currently, all company computers are protected only by standard passwords.

  • Following Active Directory policies, passwords are changed periodically.

  • As the company shifts to remote work wherein company computers will be leaving the office premises, two-factor authentication has now been made mandatory.

Goals

  • To introduce two-factor authentication to all company computers.

Environment

  • There are approximately 100 employees that require 1 company computer each for remote work.

  • Apart from the head office, there are multiple other offices wherein company computers are being shared.

  • The company has various administrators.

  • The company does not yet own YubiKeys.


【Notes】

  • Despite being under the Active Directory, YubiOn is installed without requiring any changes to it.

  • Currently, PCs are protected using only single sign-on, so now, two-factor authentication will be performed.

  • Provide all employees who are working remotely with one YubiKey each.

  • Keep track of which YubiKey is assigned to each employee.

  • Due to a large number of people, each employee must be responsible for their assigned YubiKey.

  • One administrator will be assigned to each branch to manage logins for employees, YubiKey, and shared PCs belonging to that branch.

  • The administrator of each branch is also responsible for managing the policies.


1. Switching to the paid version

Leave a request in the contact form for inquiries regarding switching to the paid version.



2. Member registration

Employees can be registered as either general members or administrators through the member management system. In this example, one employee will be assigned as an administrator for each branch, while the rest are assigned as general members. For convenience, member creation can be completed using the CSV batch registration function.



3. Obtain YubiKey

For this example, assume that there are over 100 YubiKeys available, including one for each member, a few for administrative use, a few for shared use, and a few spares. Upon receiving these YubiKeys, make a note of which Key is assigned to each employee by making a note of the serial number engraved on each Key.


Also, as the devices may be required to be used while offline, change the YubiKey device settings to enable offline access.



4. YubiKey Distribution

Distribute the assigned YubiKeys to each employee working remotely. Ensure that the devices are not used until the allocation settings are completed.



5. YubiKey Allocation

There are two allocation methods - administrative allocation or allocation by individual members. For this example, the latter will be demonstrated.


To do this, send all employees an email or other notification asking them to register the YubiKey.



6. Shared PC settings

Two-factor authentication can also be set up for the shared PCs by having the administrator assign a YubiKey to it.




7. Policy Creation

On the service setting screen of YubiOn Portal, create a policy that requires two-factor authentication using YubiKey.


In addition, the administrator of each branch can add new service settings and create policies unique to each site.



8. Starting Operations

The administrator can begin operations once they confirm that all PCs have been registered and that all the required settings have been made.


Further, by making two-factor authentication using YubiKey mandatory, all employees will be required to use the YubiKey OTP and password during their sign-in attempts.


For more information regarding YubiOn Portal, please refer to the YubiOn Portal Guide.

Troubleshooting

A few common queries faced while using the YubiOn Portal are discussed below.


 ○I can’t log in because I forgot my YubiKey

 

Log in without YubiKey can be enabled temporarily. See here for details.


 ○I lost my YubiKey


Disable the lost YubiKey from the management screen, assign a spare YubiKey to the user and register it through the Portal


 ○I want to check the user log


Please see here for details on checking user logs.


Please refer to the YubiOn Portal FAQ for more queries.


Conclusion

This article was an introduction guide to the various functionalities offered by YubiOn Portal. Please contact our team for information if you are interested in knowing more.




Comentários


bottom of page