Yubikey 2 Factor Authentication for Windows Domain Logins

UserLock makes it easy for a business to enable two-factor authentication on Windows domain accounts, managed by on-premise Active Directory. Watch how UserLock works with YubiKey – the hardware security keys manufactured by Yubico.

YubiKey offers users an easy and secure second factor of authentication

In addition to mobile authentication and Token2, UserLock now partners with Yubico to offer companies the chance to use YubiKeys to protect their Windows Active Directory users. Once 2FA is activated by the administrator within UserLock, enrollment for using the YubiKey is intuitive and simple for users to do on their own.

YubiKey detected MFA

  • Plug the YubiKey into the USB port of their computer
  • Login as normal
  • UserLock automatically detects a YubiKey is connected
  • Press the YubiKey to enter the validation code
  • UserLock now programs the YubiKey & updates the button to ‘Success’.
  • To verify, the user just presses the success button and touches the YubiKey.
    (A 6-digit code is displayed and the operation completed)

For all subsequent logins:

  • The user plugs the YubiKey into a USB port
  • The user logs in
  • UserLock requests the authentication code
  • The user simply touches the YubiKey button, the edit box will display the associated 6-digit code.
  • In order to logon, The user clicks “Verify and continue”.

Customize MFA with UserLock & YubiKey

UserLock makes it easy to customize the frequency for YubiKey authentication.

mfa workstation connections

You can also customize the circumstances by connection type (local logins and RDP sessions), by RDP connections that originate from outside the corporate network and by workstation and/or server connections.

MFA YubiKey UserLock Outside

In addition, you can combine with UserLock’s own restrictions based on the login context, to further secure all user access. Transparent to the end-user they create an additional barrier to any attacker but don’t impede employee productivity. They also allow administrators to be more confident in customizing 2FA controls that avoid prompting the user for a second authentication each time they log in.

Secure On-Premises Active Directory Hosting

UserLock is installed on your own on-premise environment to offer maximum security and can be administered from any workstation remotely. With no internet connection needed, user authentication is possible just about everywhere.

So if you are looking to protect Windows logins beyond a simple password, download now the fully functional free trial of UserLock. See for yourself how easily you can enable two factor authentication to all your Windows Active Directory users.

Share this post :


Chris Bunn is the Directeur Général Adjoint of IS Decisions, a global cybersecurity software company, specializing in access management and multi-factor authentication for Microsoft Active Directory environments and the cloud.