This is the general procedure for using YubiOn FIDO Logon in your organization.
- The administrator registers and configures YubiOn FIDO Logon on the PCs of multiple end users in the organization to enhance security.
- Customer Registration
- Group Policy Settings
- Software Installation
- Authenticator Registration
Note on the introduction scenario
- End-user operations This procedure assumes that the overall configuration is done by the administrator, while some operations such as software installation and authenticator registration are done by the end user.
This is because it becomes difficult for the administrator to perform all the settings when the scale of installation becomes large.
If you do not want end users to configure the settings, but want administrators to do so, please be aware that there are physical restrictions on the settings.
Please consider who will perform which operations according to your deployment scale and operational policy, and determine the best deployment scenario.
|Group Policy Settings
||* Operation requires a PC at hand.
Enrollment via web administration screen
Not available for biometric devices
Enrollment via configuration tool on PC
|*The operation requires an authenticator at hand.
- About authenticators
The specifications and operation methods of authenticators differ depending on the type.
Please refer to the vendor’s manual for the authenticator’s operating instructions.
For FIDO2 compatible authenticators, PIN and biometric enrollment (fingerprint, etc.) settings are required at the time of registration.
The PIN and biometric enrollment settings need to be made by the end user using the authenticator.
Even if you assume a scenario where the administrator performs the enrollment, please consider in advance that the end user will have to reset the PIN and biometric enrollment settings.