Configuring Yubikey Desktop Login on Jamf-Managed Devices
Yubikeys represent an exciting opportunity to merge two features that are often at odds: security and convenience.
Many organizations have purchased Yubikeys and distributed them to their employees for that extra layer of physical security. They’re commonly used to securely access networks, databases, applications, and services in lieu of (or in addition to) regular credentials.
But Yubikeys can do so much more.
SecureW2 has independently developed software that expands and enhances the functionality and security of Yubikeys. Instead of PINs and passwords, we can help you store ultra-secure digital certificates on your Yubikey. Instead of just logging into Wi-Fi or email, we can help you strengthen your physical security by using a Yubikey to login to a desktop.
For organizations that currently use Jamf to configure their managed devices, our solution pushes a config to prompt users to automatically enroll their device for Yubikey-desktop login.
And it’s easy, too.
1. Set up Yubikey Normally
The best part about about our Yubikey solution is that users can self-enroll painlessly.
Start off by plugging in your Yubikey and allowing it to self-install the necessary drivers. Follow the instructions on the prompts.
2. Enrolling your Yubikey for a Certificate with SecureW2
The next step is to download some additional software from Yubico so that your security key can interface with our software.
Have the user navigate to your organization’s SecureW2 landing page. It will prompt the user to download the JoinNow client which, once run, will initiate a Setup Wizard to guide the user through the rest of the configuration process.
Ensuring your users have non-default, and properly complex, PIN/PUKs is an important facet of YubiKey security. Our software prompt users to enter their PIN and/or PUK in order to enroll for a certificate, and allows them to easily reset their PIN/PUK if a default value is detected. After the software verifies the YubiKey is protected with a secure PIN, it prompts users to enter in their AD/LDAP credentials or redirects to a single-sign-on page for SAML-Based Identity Providers.
The SecureW2 client provides a mobile configuration that will enable the Yubikey to perform desktop login. Using Jamf, we can push these configuration settings to all of the managed devices – eliminating the need for manual configuration which requires command line prompts and is difficult for end users.
3. Login to Managed Devices With Yubikey
Once you’ve completed Yubikey setup, configured desktop login with the SecureW2 client, and pushed the config settings out to managed devices – you’re all set. Users will be able to use the authentication that they established in Step 1 to access login to their desktops with ease.
It’s as simple as sticking the security key into the computer and entering the PIN.
Using a Yubikey to login to Jamf-managed devices is both supremely secure and very convenient. Any organization that uses Jamf to manage their devices should utilize this method to protect themselves and their data from malicious actors.
Patrick is an experienced SEO specialist at SecureW2 who also enjoys running, hiking, and reading. With a degree in Biology from College of William & Mary, he got his start in digital content by writing about his ever-expanding collection of succulents and cacti.
Configuring Yubikey Desktop Login on Jamf-Managed Devices
November 4, 2019Patrick Grubbs
We use cookies to provide the best user experience possible on our website. If you would like to learn more click here. Accept
Privacy & Cookies Policy
Privacy Overview
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
