Register an authenticator via Remote Desktop

When registering an authenticator (security key/smartphone) on a PC connected via Remote Desktop,
Some displays and operations are different compared to those operated on the PC at hand.

Supported OS
To use FIDO Logon for remote desktop connections, both the source and destination OS must be Windows 10, Windows 11, or Windows Server 2022 or later.

If your account has been deleted
If the currently logged-in Windows account has been deleted from the YubiOn FIDO Logon web management site, the registration operation cannot be performed.

When registering an authenticator on Remote Desktop, use the security functionality that comes standard with Windows to register the authenticator.
Available authenticators vary depending on the Windows version of the source PC.
As of June 2024, if you wish to use a smartphone as an authenticator, the source OS must be Windows 11.

  1. On your PC, select Start > YubiOn > FIDO Logon Configuration Tool to launch the YubiOn FIDO Logon Configuration Tool.
  2. Select "Authentication Settings" from the left menu of the Configuration Tool.
  3. Click on the “Register authenticator remotely” button.

    About the "Register as DiscoverableCredential" option
    We recommend that you check this option when registering your Android smartphone.
    For more information, please click here.

  4. The Windows standard FIDO authenticator registration window will appear on the PC from which you are connecting. Follow the on-screen instructions to register the authenticator.
    Please note that the display is different when the PC from which you are connecting is Windows 11 or Windows 10.
    When the source PC is Windows 11
    When the source PC is Windows 10

    QR code reading for smartphone registration
    For iOS and iPad OS, QR codes can be scanned with the camera app included with the OS.
    For Android OS, the default camera app may differ depending on the device and carrier, and the QR code may not be scanned or passkey authentication may not be performed after it has been scanned.
    If necessary, please install a QR code reading application from the Google Play Store.

  5. Registration is complete.
  1. Confirm that the registered authenticator is displayed in the list screen.
  2. Exit the Settings tool.

About the "Register as DiscoverableCredential" option
This option is used on YubiOn FIDO Logon to "share authentication information within a Google account when registering an Android device as an authenticator".
If this option is set in Android OS specification, the credential is recorded as Google account synchronized credential.
If the option is not specified, the credential is stored in the smartphone device and is not synchronized to other devices using the same Google account.

For iOS / iPadOS, credentials are synchronized in the keychain within the Apple ID with or without this option.

The DiscoverableCredential (formerly known as "ResidentKey") feature is essentially a "make credentials discoverable at authentication" option in the FIDO2 specification.
The function is not supported by YubiOn FIDO Logon for either PC terminal logon or management web login.

If this option is enabled when registering a security key, the storage space in the security key will be used to make the credential detectable.
Please note that many security keys have an upper limit to the amount of storage space available.
Please contact the manufacturer of the security key for specific limits.