YubiKeys and GreenRADIUS
The versatile and practically indestructible YubiKey has come in many variants over the years. GreenRADIUS supports them all, from the Standard YubiKey and Nano to the YubiKey 4 and YubiKey NEO.
GreenRADIUS is the ideal companion to make YubiKey-based two-factor authentication (2FA) work in an enterprise setting. GreenRADIUS enables YubiKeys as the second factor for everything from Windows logon, remote access (including VPN), secure Web access, Wi-Fi, servers, and more. Through its support of SAML (SAML 2.0) and acting as an IDP, GreenRADIUS enables users to use their regular network password in combination with a YubiKey to effortlessly and securely single-sign-on to a variety of popular cloud services such as Office365, G-Suite, Salesforce, and others.
GreenRADIUS integrates easily with Active Directory, OpenLDAP (which also comes on-board the GreenRADIUS virtual appliance), and 389DS. It is also secured (hardened), updated regularly against the latest, known security threats, and supported by our team.
GreenRADIUS was initially based on a re-implementation of YubiRADIUS by the same team that originally developed the enormously popular and successful YubiRADIUS. GreenRADIUS is vastly more powerful and even easier to set up than YubiRADIUS. It is the perfect choice to pair with YubiKeys as they were designed to work together and requires almost zero administration.
Together with the YubiKeys of your choice, GreenRADIUS provides a complete 2FA solution that is easy to deploy, set up, manage, and maintain.
How They Work Together
By default, YubiKeys have their token secrets kept in the YubiCloud. And GreenRADIUS can be configured to use the YubiCloud for YubiKey OTP validation. This makes it easy for users to get started anywhere in the world, as any new YubiKey can be used “off the shelf”.
For additional security, YubiKeys can be programmed so new token secrets are generated. Using the Yubico Personalization Tool, YubiKeys can be programmed easily by simply inserting each YubiKey into a USB port. Once the YubiKeys are programmed, the Yubico Personalization Tool creates a CSV file of the token secrets which are then uploaded into GreenRADIUS.
To save time in assigning YubiKeys to users, GreenRADIUS can be configured to auto-provision YubiKeys. When this is enabled, YubiKeys are automatically assigned to users upon the first successful authentication request submitted by the user through a RADIUS client that has been configured in GreenRADIUS. In this way, users simply log in as normal using username and password with the only addition of pressing the button on the inserted YubiKey.
To use the U2F functionality of the YubiKey, users self-register their YubiKey through the GreenRADIUS self-service portal. Once registered, the YubiKey is bound to the user in GreenRADIUS. The self-service portal is also used to complete U2F authentication requests.