Yubico Authenticator is an application developed by Yubico that works in conjunction with YubiKey hardware devices to provide two-factor authentication (2FA) or multi-factor authentication (MFA), it enables users to generate Time-based One-Time Passwords (TOTP) or HMAC-based One-Time Passwords (HOTP) using their YubiKey as a secure storage for the secret keys.
In order to make it work with the CloudZiti Clients you just need to:
- Enable the MFA into your Identity, the following is an example using the Windows Ziti Edge Tunnel
- Click on Show Secret on the Show Secret Link
- After the code is displayed, copy it.
- Open The Yubico Authenticator and click on the Yubikey configuration icon. This article assumes you have already configure your Yubico Authenticator with your Yubikey.
- Then Click on Add Account.
- Fill with the information required, as best practice set the Issuer to the name of your network and the AccountName to the name of the identity. You can enable Require Touch to increase your secuirty posture. After that, click on save.
- The new account should appear in your YubicoAuthenticator. Click on it (or directly copy the code).
- If you clicked in the new account, then a new panel appears, where you can copy the code using the icon.
- Paste that code into your CloudZiti Client and click on Authenticate.
- Save your recovery codes (as you normally do for any MFA account you're using).
- The identity must be authenticated and MFA enabled. Now the only way to get authenticated into the overlay is by using your strong identity plus the MFA via your Yubikey (if you enable the touch that's an extra security step).
Comments
0 comments