IS Decisions Blog

YubiKey 2 factor authentication for Windows domain logins

UserLock works with YubiKey to offer easy and secure two factor authentication (2FA) on Windows domain accounts managed by Active Directory.

Published June 3, 2020

UserLock makes it easy for a business to enable two-factor authentication on Windows domain accounts managed by on-premises Active Directory. Watch how UserLock works with YubiKey – the hardware security keys manufactured by Yubico.

YubiKey offers users an easy and secure second factor of authentication

In addition to mobile authentication and Token2, UserLock partners with Yubico to offer organizations the chance to use YubiKeys to protect their Windows Active Directory user accounts. Once 2FA is activated by the administrator within UserLock, enrollment for using YubiKey is intuitive and simple for users to do on their own.

How UserLock MFA detects YubiKey

Users can complete enrollment in just a few steps:

  • Plug the YubiKey into the USB port of their computer

  • Log in as normal

  • UserLock automatically detects that a YubiKey is connected

  • Press the YubiKey to enter the validation code

  • UserLock now programs the YubiKey & updates the button to ‘Success’.

  • To verify, the user just presses the success button and touches the YubiKey.
    (A 6-digit code is displayed and the operation is completed)

For all subsequent logins:

  • The user plugs the YubiKey into a USB port

  • The user logs in

  • UserLock requests the authentication code

  • The user simply touches the YubiKey button, and the edit box displays the associated 6-digit code.

  • To log on, the user clicks “Verify and continue”.

Customize MFA with UserLock & YubiKey

UserLock also makes it easy to customize the frequency for YubiKey authentication.

You can also customize the circumstances in which 2FA is requested: by connection type (local logins and RDP sessions), by RDP connections that originate from outside the corporate network, and by workstation and/or server connections.

In addition, you can combine 2FA with UserLock’s own restrictions based on the login context to further secure all user access. Transparent to the end user, these restrictions create an additional barrier to any attacker but don’t impede employee productivity. They also allow administrators to be more confident in customizing 2FA controls that avoid prompting the user for a second authentication each time they log in.

Secure on-premises Active Directory hosting

Since UserLock integrates seamlessly with your on-premises AD environment, you get effective security that's easy to manage. You can ensure proper user authentication, no matter where your team logs on from, even if they don't have an internet connection. And your IT team can manage UserLock remotely, from any workstation.
