Credential management mode in the Setting tool
This section describes the operations for configuring authenticator registration and deletion operations that can be performed with the YubiOn FIDO Logon setting tool.
It is possible to limit the operations that end users can perform with the setting tool.
Operation Procedure
Select Authentication Service > Group Policy from the menu.
- Click the policy you want to configure from the group policy list.
- Click the radio button of “Credential management mode in the Setting tool” in the software item of the two-factor authentication setting to change the setting.
- Click the “Update” button.
- Click “OK” on the confirmation message.
Set value
Set value: Select one of the following
- Forbid registration and deletion
- Allow registration only
- Allow registration and deletion
| Set value | Authenticator Registration | Deleting authenticators |
|---|---|---|
| Forbid registration and deletion | not allowed | not allowed |
| Allow registration only | allowed | not allowed |
| Allow registration and deletion | allowed | allowed |
In a typical scenario, the end user registers the authenticator, so the setting is made so that the registration operation can be performed.
In the scenario where the administrator registers the authenticator and you do not want the end user to operate it, you can set the setting to prohibit registration.