AuthLite Interactive Documentation
Home
Contents
CLOSE
AuthLite Interactive Documentation
Quick Start: Install and protect Domain Admins AuthLite Features Supported Tokens
How AuthLite uses YubiKeys
Installation and Upgrading
What platforms are supported? Prerequisites and Installation Linux systems MacOS machines
Configuration
Licensing AuthLite Set up User Groups
Configuring AuthLite to use your Group Pairs
Setting up the "Group for New Users"
Enforce 2-factor Logons
Use Group Policy to enforce 2-factor on Windows servers/workstations Secure Administrative Accounts with 2-factor Authentication Enforce 2-factor on File Shares using Access Control Lists (ACLs) Partial enforcement of a server (e.g. Exchange) with "Forced 2-factor Processes" Enforce non-Windows machines with "Forced 2-factor Computers" Enforce 2-factor logon to Office 365 with AuthLite LDAP logon support/enforcement
Windows Workstation (Endpoint) Protection
Offline Workstation logon with YubiKeys Offline Workstation logon with OATH tokens Zero-client two-factor workstation logons Workstation Safe mode operations
Remote Desktop
2FA over Remote Desktop Protocol 2FA with Remote Desktop Gateway / RemoteApp / RDWeb / RD Web Client
Replay Windows to support RDP and other re-authenticating protocols Replay Behavior setting VPN and RADIUS Configuration
Using IAS/NPS for RADIUS with AuthLite Microsoft VPN Client settings Wireless 802.1x Authentication DirectAccess and NetMotion Mobility XE Configure Watchguard SSL VPN with AuthLite
Active Directory Deployment Notes
Token Management
First: Configure Token Settings Provisioning Tokens Administratively
YubiKeys (Soft) OATH Tokens (Hardware) OATH Tokens OnlyKeys
User Self-Service
"Enroll in AuthLite" Windows program SET UP the Self-Service Web Portal USING the Self-Service Web Portal
View/Edit Existing Tokens Delegate Token Management Recovery Tokens Multiple OTP Tokens for the Same User Multiple users with the same OTP Token Password Operations
How to Log In
CLOSE

OnlyKeys

Fig. 1) OnlyKey Programmer
Fig. 1) OnlyKey Programmer

Prerequisites

  • OnlyKey hardware with firmware version 2.1.1 or newer
  • Must be already set up with a PIN, using the OnlyKey quick set up or OnlyKey application.  
  • You don't need to set any of the Slots up in the above app; you can stop after creating your profile and backup secret.

Install AuthLite OnlyKey Programmer

  • From AuthLite.com/downloads, install the "OnlyKey Programmer" standalone program on your workstation. 
  • The workstation doesn't need to be a domain member.
  • It must be the physical workstation at which you are sitting, to plug in the OnlyKey.  
  • OnlyKey cannot be programmed across RDP; use a local windows machine.

Program Slots

  • Launch OnlyKey Programmer from the Start Menu item called "AuthLite OnlyKey Programmer"
  • Plug in an OnlyKey
  • Enter your PIN on the OnlyKey keypad to unlock it.
  • Now the OnlyKey light should be solid Green, and the status at lower left of the programmer dialog should list the firmware version and "Ready".  If it does not detect the OnlyKey, make sure it is plugged in to the local machine.  If it says "Locked" make sure you unlock it with PIN, and the light is green.  (If needed, try unplug/replug the device and enter PIN again).
  • Select "Program Slots"
  • If you want to program all 6 buttons with one OTP each, click "Select All Primary"
  • If you want to program a short and long press for each button (called "a" and "b" here) then click "Select All"
  • To select a subset of slots to write, you can pick their individual checkboxes.  

NOTE that there is only one Offline secret for the whole key.  As of this writing, there's not a way to re-point existing AuthLite OTP records to use a new offline secret.  So if you choose to write the offline secret selecting only a subset of the slots, and you're still using *other* slots of this key in AuthLite, the older records will stop working when offline because the secret will have changed out from under them.  

Another way to say this is, the OnlyKey isn't quite the same as having a bunch of different YubiKeys.  It's a bunch of different Online parts of the YubiKey (OTPs), but they all have to share a single offline brain.  And the Token Manager isn't (yet) designed to assign a new offline secret to an old OTP record

  • (Optionally) type in Labels for each slot you want to program.  Note that unlike YubiKeys, the OnlyKey does not have a visible/machine readaable serial number. So the label you assign to the slot will be the only way to identify records in the Token Manager as belonging to this key.
  • Click Write To Key Now to program the slots and labels.  This will take several seconds and the light on the key will flash.
  • Once writing is finished, click Save Key Data to XML.

Note: This file should be considered sensitive information, as it contains all the secret values programmed into the keys. Treat this with the same security measures you would use for a password list or other secure document.

Next, you'll have to import the XML and assign the token records.  This process is identical to the YubiKey.  See below for links to continue.

Next Steps: