YubiKey Authentication Support

YubiKey is a hardware token for Multifactor Authentication that supports OTP, with plans to adopt modern authentication approaches such as FIDO U2F with single security key.

On Linux systems, Chromium Embedded Framework (CEF) is used as the embedded browser for custom sign-in, SAML Authentication to work with FIDO U2F. On Ivanti Connect Secure, enable “Enable embedded browser for authentication” option in Connections settings for Ivanti Secure Access Client to launch CEF for sign in.

On macOS systems, Chromium Embedded Framework (CEF) is used as the embedded browser SAML Authentication to work with FIDO U2F. On Ivanti Connect Secure, enable “Enable FIDO2 U2F for SAML authentication” option on the connection set.

  • On windows, Ivanti Secure Access Client uses Microsoft Edge WebView2 based Embedded browser, for Captive portal, SAML, Custom sign-in, and SAML Single Logout (SLO). The embedded browser also supports FIDO2 passwordless Authentication.
    Ivanti recommends to download the Evergreen Bootstrapper softwarefrom the Microsoft software download site and run it on the endpoints. If WebView2 runtime is not installed on the machine, Ivanti client attempts to install it

    • Ivanti Secure Access Client integrates YubiKey for MFA with CEF to redirect to the IDP such as Azure AD and Okta.

    To set up YubiKey for authentication and install CEF browser, use the following procedure.

    1.Launch Ivanti Secure Access Client application and select a connection and click Connect.

     

    2.An authentication confirmation window appears. Click OK to continue.

    3.A CEF download confirmation window appears, click OK to download and install CEF browser.

    The CEF downloads automatically. The installation progress and status displays. Ensure not to initiate any other connection when CEF installation is in progress.

    4.On successful installation of CEF Browser, YubiKey authentication window appears.
    Enter Username and Password to Sign In if already registered. If not registered, registration page displays.

     

    5.On “Set up multifactor authentication” window, click Configure factor.

    6.On “Set up security key or biometric authenticator” window, click Enroll.

    7.On “Set up multifactor authentication” window, check the enrolled factors and click Finish.

    8.The connection is established and the connection details display.