In This Article


Overview

Normally a multi-factor authentication process is performed using SMS (text messaging), or an app-based authentication with a smartphone.  This is, by far, much more secure than using passwords alone.  However, not everyone has a phone and there are certain environments where phones are not allowed.

Hardware-based security keys are an excellent alternative to using a phone.  They provide end-users a quick way to perform a second factor of authentication and it's difficult to intercept.  

For hardware-based keys, Clearlogin uses with the FIDO U2F security protocol.  It was developed by Google and a security company called Yubico, but is now administered by the FIDO Alliance.

The steps in this article will walk you through the process for associating your Clearlogin account with a hardware U2F USB key.

For information on enabling the U2F MFA Provider service in Clearlogin, refer to the Multi-factor Authentication article.



Steps to Configure a U2F Key


IMPORTANT: You should perform this configuration using a computer with Google Chrome, Mozilla Firefox, Safari, or the new Microsoft Edge browser.  Internet Explorer and the old Microsoft Edge are not supported.  Browsers on mobile devices are not supported.


  • On your computer, sign into your Clearlogin user account, and go to your My Settings page.

    An administrator may require the configuration steps to occur as soon as you sign in.  If so, you will bypass your My Settings page, and be prompted to insert your USB key and activate it.  Scroll down this page to the step to insert your USB key.


  • Launch the Multi-Factor Authentication wizard.


  • In the USB MFA section, click the Add USB MFA Device button.


  • Insert your USB key into a USB port on your computer
  • Name your USB key in Clearlogin (e.g. Primary USB Key)
  • Press the USB key's button to activate it.

    • Your operating system may also prompt you to insert your USB key and press the button.
    • Clearlogin will wait about 30 seconds for you to insert the USB key and press the button.  If Clearlogin times out, you'll need to refresh the setup page in your browser [F5], or start over from your My Settings page.

    • It is recommended to enter a name for your USB key.  For example, "Primary USB Key" or enter the manufacture's name to identify it.
    • You may see a message from your browser.  You should not cancel the registration process.  Here's an example message from Firefox.

After completing the configuration steps, you will be prompted to touch your USB key each time you sign into Clearlogin.

If you have configured multiple MFA providers to sign into Clearlogin you will be prompted to choose the MFA provider to use.  For example, you may have the option to use the Clearlogin MFA provider, or the USB Key provider.




  • No labels