GreenRADIUS with YubiKeys – A Complete MFA Solution

Learn how coupling YubiKeys with GreenRADIUS enables a strong MFA solution

YubiKeys and GreenRADIUS

The versatile and practically indestructible YubiKey has come in many variants over the years.  GreenRADIUS supports them all, from the Standard YubiKey and Nano to the YubiKey 5 NFC and YubiKey FIPS.

GreenRADIUS is the ideal companion to make YubiKey-based two-factor authentication (2FA) work in an enterprise setting.  GreenRADIUS enables YubiKeys as the second factor for everything from Windows logon, ADFS, remote access (including VPN), secure Web access, Wi-Fi, servers, and more.

Easy Integration

GreenRADIUS integrates easily with Active Directory, OpenLDAP (which also comes on-board the GreenRADIUS virtual appliance), and 389DS.  It is also secured (hardened), updated regularly against the latest known security threats, and supported by our team.

GreenRADIUS was initially based on a re-implementation of YubiRADIUS by the same team that originally developed the enormously popular and successful YubiRADIUS.  GreenRADIUS is vastly more powerful and even easier to set up than YubiRADIUS.  It is the perfect choice to pair with YubiKeys, as the two were designed to work together, and it requires almost zero administration.

Together with the YubiKeys of your choice, GreenRADIUS provides a complete 2FA solution that is easy to deploy, set up, manage, and maintain.

How They Work Together

By default, YubiKeys have their token secrets kept in the YubiCloud, and GreenRADIUS can be configured to use the YubiCloud for YubiKey OTP validation.  This makes it easy for users to get started anywhere in the world, as any new YubiKey can be used “off the shelf”.

For additional security, YubiKeys can be programmed so new token secrets are generated.  Using the Yubico Personalization Tool, YubiKeys can be programmed easily by simply inserting each YubiKey into a USB port.  Once the YubiKeys are programmed, the Yubico Personalization Tool creates a CSV file of the token secrets, which is then uploaded into GreenRADIUS.

To save time in assigning YubiKeys to users, GreenRADIUS can be configured to auto-provision YubiKeys.  When this is enabled, a YubiKey is automatically assigned to a user upon the first successful authentication request that user submits through a RADIUS client that has been configured in GreenRADIUS.  In this way, users simply log in as normal with username and password, the only addition being a press of the button on the inserted YubiKey.
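The auto-provisioning behavior described above amounts to trust-on-first-use binding. The sketch below is an added example, not GreenRADIUS code: the `TokenAssignments` store, its result strings and the one-key-per-user policy are assumptions, and the password and OTP checks are taken as results from the directory and the OTP validation service. It relies on the Yubico OTP layout, in which the last 32 modhex characters are the encrypted part and the prefix (12 characters by default) is the key's public ID.

```python
MODHEX = set("cbdefghijklnrtuv")   # the 16-character alphabet YubiKeys type
ENCRYPTED_LEN = 32                 # trailing encrypted part of a Yubico OTP


def public_id(otp: str) -> str:
    """Return the key's public ID (the prefix before the encrypted part)."""
    otp = otp.strip().lower()
    if len(otp) <= ENCRYPTED_LEN or not set(otp) <= MODHEX:
        raise ValueError("not a modhex Yubico OTP with a public ID")
    return otp[:-ENCRYPTED_LEN]


class TokenAssignments:
    """Hypothetical in-memory store of user <-> YubiKey bindings."""

    def __init__(self, auto_provision: bool = True):
        self.auto_provision = auto_provision
        self.by_user = {}   # username -> public ID
        self.by_key = {}    # public ID -> username

    def check(self, user: str, otp: str, password_ok: bool, otp_valid: bool) -> str:
        """Decide one login. password_ok and otp_valid are the results of the
        directory lookup and of OTP validation, performed elsewhere."""
        if not (password_ok and otp_valid):
            return "reject: bad credentials"      # never bind on a failed login
        try:
            key = public_id(otp)
        except ValueError:
            return "reject: malformed otp"
        owner = self.by_key.get(key)
        if owner is not None and owner != user:
            return "reject: key assigned to another user"
        bound = self.by_user.get(user)
        if bound is None:
            if not self.auto_provision:
                return "reject: no key assigned"
            self.by_user[user] = key              # first successful login binds
            self.by_key[key] = user
            return "accept: key auto-provisioned"
        if bound != key:
            return "reject: different key than assigned"
        return "accept"
```

Until a user's first bound login, any valid YubiKey presented with that user's password is accepted and becomes theirs, so administrators may want to review new bindings or limit how long auto-provisioning stays enabled.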

To use the U2F functionality of the YubiKey, users self-register their YubiKey through the GreenRADIUS self-service portal.  Once registered, the YubiKey is bound to the user in GreenRADIUS.  The self-service portal is also used to complete U2F authentication requests.

The YubiKey is a 2FA method based on a unique physical token which cannot be duplicated or recorded, providing a credential based on something only an authorized user possesses. Any computer with a USB port can use the YubiKey, regardless of the computer hardware, operating system or system drivers, as it registers as a USB keyboard.

YubiKeys are designed to be nearly indestructible, made from a single piece of injection-molded plastic around the circuit board. With no moving parts and no batteries, and tamper-resistant against physical hacks, the YubiKey can easily be attached to your keychain, and you can be confident it will always be ready to use.

Core Features

Can be programmed by an organization directly to keep token secrets solely under its control
Works on Windows, Mac OS X, Linux
Waterproof, crush safe, tamper-resistant
No battery to run down or charge
Multiple configurations in one token, including OATH and Challenge-Response
Lowest total cost of ownership for strong 2FA token