
Integrating YubiKey "HOTP" With Centrify Identity Platform


By Centrify on ‎12-23-2016 04:26 AM

Objectives

HOTP is an event-based OTP algorithm in which the moving factor is an event counter. The counter increases each time a code is created, so the codes are independent of time.

The following is an end-to-end guide for integrating YubiKeys with the Centrify Identity Service platform using OATH-HOTP.
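The counter-based scheme described above can be reproduced in a few lines. This is an added example, not Centrify's or Yubico's code: it computes 6-digit RFC 4226 codes from a hex secret and shows a verifier that accepts a code only within a small look-ahead window and then advances its stored counter. The function names, the window size of 3 and the sample secret (the RFC 4226 test key) are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample: the RFC 4226 Appendix D test secret, hex-encoded.
# A real deployment uses the random key generated during token setup.
SECRET_HEX = "3132333435363738393031323334353637383930"


def hotp(secret_hex: str, counter: int, digits: int = 6) -> str:
    """Return the RFC 4226 HOTP code for a hex secret and an event counter."""
    key = bytes.fromhex(secret_hex.replace(" ", ""))  # tolerate spaced hex
    # HMAC-SHA-1 over the counter as an 8-byte big-endian integer
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of last byte
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_hex: str, stored_counter: int, submitted: str,
           window: int = 3, digits: int = 6):
    """Check a submitted code against the stored counter plus a look-ahead.

    Returns the counter value to store next on success, None on failure.
    The look-ahead absorbs codes the token generated but never submitted
    (assumed window size; a larger window tolerates more wasted presses
    but gives an attacker more valid guesses per attempt).
    """
    if not (submitted.isascii() and submitted.isdigit()
            and len(submitted) == digits):
        return None
    for counter in range(stored_counter, stored_counter + window + 1):
        if hmac.compare_digest(hotp(secret_hex, counter, digits), submitted):
            return counter + 1  # moving past the match makes it single-use
    return None


if __name__ == "__main__":
    print([hotp(SECRET_HEX, c) for c in range(3)])
    server_counter = verify(SECRET_HEX, 0, hotp(SECRET_HEX, 2))
    print("counter after accepting code #2:", server_counter)
    print("replay of code #2:", verify(SECRET_HEX, server_counter,
                                       hotp(SECRET_HEX, 2)))
```

Because the verifier only ever moves its counter forward, a code that has been accepted, or any earlier unused code, is rejected afterwards.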

What you will need

Setting

Insert your YubiKey into a USB port; it is a full-featured key with a USB contact.

 

Additional capabilities can be reviewed at YubiKey NEO

 

1.png 

Configuring the YubiKey

1.     Start the Yubikey Personalization tool

2.     Select OATH-HOTP

3.     Click on the “Advanced” button

 2.png

 

 

1-    Confirm you are within the OATH-HOTP configuration tab

2-    Confirm that the Yubikey is inserted and can be read

3-    Make sure to select “Configuration Slot 2”

4-    Untick “OATH Token Identifier” if it is already selected

 3.png

5-    Select “6 digits” option

6-    Generate a secret key

7-    A key is generated. Highlight the key and copy it, as it will be used later

8-    Finally write the above configuration to the key

9-    Confirm config is written and no errors are displayed

 

 

 

 

Integration with Centrify Identity Cloud Platform

Log on to the Centrify Cloud Service as a Cloud Admin user and navigate to the “Settings” tab

 

 

 

1.     Select Authentication

2.     OATH Tokens

3.     Click on the “Bulk Token Import” to open the CSV file for filling the Yubikey token details

 4.png

 

 

Fill in and complete the bulk import spreadsheet as per the example below. Be sure to paste the previously copied HEX key into the appropriate cell.

 5.png

Save the file, then browse to it, upload it, and click Next to complete importing the keys.

 

 

You should end up with a similar configuration as below

 6.png

 

 

 

 

Additional Configuration required within the Centrify Identity platform

 

 

Create your custom “Authentication Profile” to specify the Multi-Factor Authentication profile with the options required

 

Be sure to select “OATH OTP Client” on either the 1st or 2nd challenge

7.png 

 

 

 

 

 

 8.png

Enable the login Authentication option

 

Select the desired Login Profile previously configured

 

 

 

 

 

Enable OATH OTP in the Policies Set

 9.png

 

 

Results and Conclusion

Now that all configuration and integration is complete, users can use the YubiKey to log in to the Centrify Identity Portal.

 

 

 

Start the Centrify portal, provide your login ID, and click Next to move to the MFA login screen

10.png

 

 

 

 

 

11.png 

Touch the YubiKey for about 3 seconds to generate the counter-based HOTP

 

You should now be able to log in successfully to your Centrify Portal environment

 

 

 

 

We hope this integration guide was helpful. For all other questions on how Centrify can help you consolidate user identities and solve the #1 cause of all cyber-attacks, please contact us at https://www.centrify.com/about-us/contact/

 
