- OnlyKey hardware with firmware version 2.1.1 or newer
- Must be already set up with a PIN, using the OnlyKey quick set up or OnlyKey application.
- You don't need to set any of the Slots up in the above app; you can stop after creating your profile and backup secret.
Install AuthLite OnlyKey Programmer
- From AuthLite.com/downloads, install the "OnlyKey Programmer" standalone program on your workstation.
- The workstation doesn't need to be a domain member.
- It must be the physical workstation at which you are sitting, to plug in the OnlyKey.
- OnlyKey cannot be programmed across RDP; use a local windows machine.
- Launch OnlyKey Programmer from the Start Menu item called "AuthLite OnlyKey Programmer"
- Plug in an OnlyKey
- Enter your PIN on the OnlyKey keypad to unlock it.
- Now the OnlyKey light should be solid Green, and the status at lower left of the programmer dialog should list the firmware version and "Ready". If it does not detect the OnlyKey, make sure it is plugged in to the local machine. If it says "Locked" make sure you unlock it with PIN, and the light is green. (If needed, try unplug/replug the device and enter PIN again).
- Select "Program Slots"
- If you want to program all 6 buttons with one OTP each, click "Select All Primary"
- If you want to program a short and long press for each button (called "a" and "b" here) then click "Select All"
- To select a subset of slots to write, you can pick their individual checkboxes.
NOTE that there is only one Offline secret for the whole key. As of this writing, there's not a way to re-point existing AuthLite OTP records to use a new offline secret. So if you choose to write the offline secret selecting only a subset of the slots, and you're still using *other* slots of this key in AuthLite, the older records will stop working when offline because the secret will have changed out from under them.
Another way to say this is, the OnlyKey isn't quite the same as having a bunch of different YubiKeys. It's a bunch of different Online parts of the YubiKey (OTPs), but they all have to share a single offline brain. And the Token Manager isn't (yet) designed to assign a new offline secret to an old OTP record
- (Optionally) type in Labels for each slot you want to program. Note that unlike YubiKeys, the OnlyKey does not have a visible/machine readaable serial number. So the label you assign to the slot will be the only way to identify records in the Token Manager as belonging to this key.
- Click Write To Key Now to program the slots and labels. This will take several seconds and the light on the key will flash.
- Once writing is finished, click Save Key Data to XML.
Note: This file should be considered sensitive information, as it contains all the secret values programmed into the keys. Treat this with the same security measures you would use for a password list or other secure document.
Next, you'll have to import the XML and assign the token records. This process is identical to the YubiKey. See below for links to continue.