Credential management mode in the Setting tool

This section describes the operations for configuring authenticator registration and deletion operations that can be performed with the YubiOn FIDO Logon setting tool.

It is possible to limit the operations that end users can perform with the setting tool.

Operation Procedure

Select Authentication Service > Group Policy from the menu.

  1. Click the policy you want to configure from the group policy list.
    Group policy
  2. Click the radio button of “Credential management mode in the Setting tool” in the software item of the two-factor authentication setting to change the setting.
    Group policy
  3. Click the “Update” button.
  4. Click “OK” on the confirmation message.

Set value

Set value: Select one of the following

  • Forbid registration and deletion
  • Allow registration only
  • Allow registration and deletion
Set value Authenticator Registration Deleting authenticators
Forbid registration and deletion not allowed not allowed
Allow registration only allowed not allowed
Allow registration and deletion allowed allowed

In a typical scenario, the end user registers the authenticator, so the setting is made so that the registration operation can be performed.
In the scenario where the administrator registers the authenticator and you do not want the end user to operate it, you can set the setting to prohibit registration.