8 July,19 at 06:33 PM
HOTP is an event-based OTP algorithm in which the moving factor is an event counter. The counter increases each time a code is created, so HOTP is time independent.
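The counter behaviour described above, as an added example (not Centrify or Yubico code): an RFC 4226 HOTP generator and a server-side check with a look-ahead window. The secret is the RFC 4226 test key; the `verify` helper, `look_ahead=3` and the counter values are illustrative assumptions, not Centrify's actual settings.

```python
import hashlib
import hmac
import struct

def hotp(secret_hex: str, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian event counter."""
    key = bytes.fromhex(secret_hex)            # spaces between bytes are tolerated
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                    # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(secret_hex: str, server_counter: int, submitted: str,
           look_ahead: int = 3):
    """Return the new server counter on success, None on failure.

    The token's counter advances on every touch, even when the code is
    never submitted, so the server also tries a few counters ahead.
    On a match it moves past the matched counter, which makes the
    accepted code (and every earlier one) unusable for replay.
    look_ahead=3 is an assumed value for this example.
    """
    for c in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret_hex, c), submitted):
            return c + 1
    return None

# Constructed sample: RFC 4226 Appendix D test secret ("12345678901234567890").
SECRET = "3132333435363738393031323334353637383930"

if __name__ == "__main__":
    server = 0
    # Key touched twice without logging in: codes for counters 0 and 1 are lost.
    code = hotp(SECRET, 2)
    server = verify(SECRET, server, code)
    print("accepted, server counter now", server)

    # Replaying the same code fails because the server counter moved on.
    print("replay:", verify(SECRET, server, code))

    # A token that ran too far ahead of the window needs a resync.
    print("out of window:", verify(SECRET, 0, hotp(SECRET, 9)))
```
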
The following is an end-to-end guide for integrating Yubikeys with the Centrify Identity Service platform using OATH-HOTP.
Insert your Yubikey in your USB port, as it is a full-featured key with USB contact.
Additional capabilities can be reviewed at YubiKey NEO.

1. Start the Yubikey Personalization tool
2. Select OATH-HOTP
3. Click on the “Advanced” button

1- Confirm you are within the OATH-HOTP configuration tab
2- Confirm that the Yubikey is inserted and can be read
3- Make sure to select “Configuration Slot 2”
4- Untick the “OATH Token Identifier” option, if it is already selected
5- Select the “6 digits” option
6- Generate a secret key
7- A key is generated. Highlight the key and copy it, as it will be used later
8- Finally, write the above configuration to the key
9- Confirm the config is written and no errors are displayed

Log on to the Centrify Cloud Service as a Cloud Admin user and navigate to the “Settings” tab

1. Select Authentication
2. OATH Tokens
3. Click on the “Bulk Token Import” to open the CSV file for filling in the Yubikey token details

Fill in and complete the bulk import spreadsheet as per the example below. Ensure that you paste the previously copied HEX key in the appropriate cell.
Save the file, then browse to that file to upload it and click next to complete importing the keys.
You should end up with a similar configuration as below.

Create your custom “Authentication Profile” to specify the Multi-Factor Authentication profile with the options required.
Ensure that “OATH OTP Client” is selected on either the 1st or 2nd challenge.
Enable the login Authentication option.
Select the desired Login Profile previously configured.
Enable OATH OTP in the Policies Set.

Now that all configuration and integration is completed, users can use the Yubikey to log in to the Centrify Identity Portal.
Start the Centrify portal, provide your login ID and click next to move to the MFA login screen.
Touch the Yubikey for about 3 seconds to generate the counter-based HOTP.
You should now be able to log in successfully to your Centrify Portal environment.

We hope this integration guide was helpful. For all other questions on how Centrify can help you consolidate user identities and solve the #1 cause of all cyber-attacks, please contact us at https://www.centrify.com/about-us/contact/