Logon with security key

This section describes the procedure for logging on to a PC using a security key.

Prerequisites

  • The software must be installed on the PC.
  • Authenticator registration must have been completed.

Start your PC and display the logon screen.
Make sure “YubiOn® FIDO Logon” is displayed on the screen.

If you don’t see “YubiOn® FIDO Logon”, click “Sign In Options” and then click the YubiOn icon.

In addition to authentication by security key, YubiOn FIDO Logon supports authentication by smartphone (QR code reading/notification), so an authentication screen for a method other than the security key may appear depending on the usage situation.
In that case, click “Logon with another type of device”, then click “Logon with security key” on the authentication information selection screen that appears, and log on with the security key.

Plug the authenticator into the USB port.
Make sure that your authenticator is working properly.

When multiple authenticators are connected at the same time, touch the authenticator you want to use to select it.

Operate the authenticator. The operation differs depending on the type of authenticator you are using.

  • An authenticator with a PIN set

Enter your PIN.

Touch the authenticator.

If the authentication is successful, the logon moves on to the completion process.

Enter your Windows password.

If you are using a FIDO2-enabled key, such as one with a PIN or biometrics, the Windows password you enter is stored securely by the FIDO2 function and does not need to be entered again.
If you change the Windows password, you will need to enter it again.

About Password Cache Regeneration
The password cache is stored using the most appropriate encryption method based on the information obtained during FIDO authentication.
As a rule, a password cache is generated and used for each piece of authentication information. However, the password cache may need to be regenerated because of differences or changes in authentication methods, such as the following:

- Change of Windows password
- Differences in devices used for smartphone authentication
- Differences in authentication routes (direct logon, remote desktop logon)
- OS and software updates of PCs and smartphones

If you need to regenerate the password cache, you will be asked to enter your Windows password again at the time of logon, so please follow the instructions on the screen to enter the password.

(Client Ver.2.4.0.3 or later)
When the “Screen lock when authenticator is removed” function is enabled, the logon will fail if the security key used for authentication is pulled out before the logon is completed.
In this case, connect the security key again and perform the authentication from the beginning.

If the Windows logon is successful, the desktop will be displayed.

Authentication in offline mode
YubiOn FIDO Logon performs online authentication.
However, if the administrator has enabled cache logon (offline logon) in the organization settings, offline logon is possible under the following conditions:

  • Cache logon must be enabled in the organization settings.
  • Online authentication must be successfully completed on the PC.
  • The number of days specified in the organization settings must have elapsed since the online authentication was successful.