Home
Contents
CLOSE
AuthLite Interactive Documentation
FEATURES: What can AuthLite Do? TOKEN TYPES: What "Factors" are supported? INSTALL: How and where to install AuthLite? CONFIGURE AuthLite for your needs CHOOSE USERS: Choose 2-factor Users ENFORCE 2-factor Logons ADMINISTER AuthLite Tokens LDAP logon support/enforcement VPN and RADIUS Configuration How to Log In Event Logging
CLOSE
Figure 1: Set up a YubiKey Token dialog
Figure 1: Set up a YubiKey Token dialog

If you have physical access (not a remote session or virtual console) to a domain member with AuthLite software installed and a free USB port, then you can provision YubiKeys one at a time with this simple process.

Note: If you are using a short Public ID length, then you should program your keys with sequential IDs instead of random ones, to avoid collisions.  This means you cannot use the AuthLite Configuration application, since it does not allow you to select sequential IDs. Use the remote/bulk programming method instead.

  • AuthLite software installed on all domain controllers and (if you are going to administer from a workstation) on that workstation machine.

  • Valid license or evaluation key entered.

  • A blank YubiKey, or a formerly provisioned key that you want to erase and reprogram. (Note: The blue "U2F Security Key" cannot be used because it's not actually a YubiKey, and doesn't support OTP or Challenge/Response modes)

  • Insert the YubiKey into a USB port on the server/workstation you are using.

  • Launch AuthLite Configuration.

  • Select the item “Set up a YubiKey Token” as shown in Figure 1

  • The “Domain Name” box should contain the NETBIOS domain of the user account you wish to associate with this YubiKey. If your user is not in this domain, then you must install AuthLite in the domain where the user is homed.

  • In the “Username” box, enter the username (SAM account name, NOT UPN) of the user account you wish to associate with this YubiKey.

  • If you are using the “New Users” Group feature, then you can select the corresponding checkbox and the user account will automatically be added to the “New Users” group.

  • Click the “Program AuthLite key” button.

  • If you are NOT using the “New Users” Group feature, then you must manually add this user into one of your AuthLite User Groups.

  • This YubiKey is now associated to the user account you specified.

Note: simply being an AuthLite User or having a token does not require you to use 2-factor login anywhere.  You need to set up Enforcement too!